Vulnerabilites related to Schneider Electric - Modicon M340
var-201905-1030
Vulnerability from variot
A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading files from the controller over Modbus. plural Modicon The product contains an information disclosure vulnerability.Information may be obtained. Schneider Electric Modicon M580 and other products are products of Schneider Electric (France). Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. An attacker could use the vulnerability to obtain sensitive information about the affected components. This vulnerability stems from configuration errors in network systems or products during operation. The following products and versions are affected: Schneider Electric Modicon M580 (all versions); Modicon M340 (all versions); Modicon Quantum (all versions); Modicon Premium (all versions)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-1030",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon m580",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.90"
},
{
"model": "modicon m340",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.10"
},
{
"model": "modicon quantum",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon premium",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon premium plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon quantum plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon m340",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m580",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon premium",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon quantum",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m580",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m340",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon quantum",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon premium",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "ac1f1b0e-3ce8-4fc5-a3fd-16af90549c64"
},
{
"db": "CNVD",
"id": "CNVD-2019-34828"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015475"
},
{
"db": "NVD",
"id": "CVE-2018-7848"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m340_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m580_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_premium_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_quantum_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015475"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Jared Rittle of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-921"
}
],
"trust": 0.6
},
"cve": "CVE-2018-7848",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-7848",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-34828",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "ac1f1b0e-3ce8-4fc5-a3fd-16af90549c64",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-137880",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-7848",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-7848",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7848",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-7848",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-34828",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-921",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "ac1f1b0e-3ce8-4fc5-a3fd-16af90549c64",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-137880",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-7848",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "ac1f1b0e-3ce8-4fc5-a3fd-16af90549c64"
},
{
"db": "CNVD",
"id": "CNVD-2019-34828"
},
{
"db": "VULHUB",
"id": "VHN-137880"
},
{
"db": "VULMON",
"id": "CVE-2018-7848"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015475"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-921"
},
{
"db": "NVD",
"id": "CVE-2018-7848"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading files from the controller over Modbus. plural Modicon The product contains an information disclosure vulnerability.Information may be obtained. Schneider Electric Modicon M580 and other products are products of Schneider Electric (France). Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. An attacker could use the vulnerability to obtain sensitive information about the affected components. This vulnerability stems from configuration errors in network systems or products during operation. The following products and versions are affected: Schneider Electric Modicon M580 (all versions); Modicon M340 (all versions); Modicon Quantum (all versions); Modicon Premium (all versions)",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7848"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015475"
},
{
"db": "CNVD",
"id": "CNVD-2019-34828"
},
{
"db": "IVD",
"id": "ac1f1b0e-3ce8-4fc5-a3fd-16af90549c64"
},
{
"db": "VULHUB",
"id": "VHN-137880"
},
{
"db": "VULMON",
"id": "CVE-2018-7848"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7848",
"trust": 3.4
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-134-11",
"trust": 1.8
},
{
"db": "TALOS",
"id": "TALOS-2018-0740",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-921",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-34828",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015475",
"trust": 0.8
},
{
"db": "IVD",
"id": "AC1F1B0E-3CE8-4FC5-A3FD-16AF90549C64",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-137880",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-7848",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "ac1f1b0e-3ce8-4fc5-a3fd-16af90549c64"
},
{
"db": "CNVD",
"id": "CNVD-2019-34828"
},
{
"db": "VULHUB",
"id": "VHN-137880"
},
{
"db": "VULMON",
"id": "CVE-2018-7848"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015475"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-921"
},
{
"db": "NVD",
"id": "CVE-2018-7848"
}
]
},
"id": "VAR-201905-1030",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "ac1f1b0e-3ce8-4fc5-a3fd-16af90549c64"
},
{
"db": "CNVD",
"id": "CNVD-2019-34828"
},
{
"db": "VULHUB",
"id": "VHN-137880"
}
],
"trust": 1.8935065
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "ac1f1b0e-3ce8-4fc5-a3fd-16af90549c64"
},
{
"db": "CNVD",
"id": "CNVD-2019-34828"
}
]
},
"last_update_date": "2024-11-23T21:52:12.740000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-134-11",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/yanissec/CVE-2018-7848 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-7848"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015475"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137880"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015475"
},
{
"db": "NVD",
"id": "CVE-2018-7848"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7848"
},
{
"trust": 1.8,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-134-11/"
},
{
"trust": 1.8,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2018-0740"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7848"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2018-0740"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://github.com/yanissec/cve-2018-7848"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34828"
},
{
"db": "VULHUB",
"id": "VHN-137880"
},
{
"db": "VULMON",
"id": "CVE-2018-7848"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015475"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-921"
},
{
"db": "NVD",
"id": "CVE-2018-7848"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "ac1f1b0e-3ce8-4fc5-a3fd-16af90549c64"
},
{
"db": "CNVD",
"id": "CNVD-2019-34828"
},
{
"db": "VULHUB",
"id": "VHN-137880"
},
{
"db": "VULMON",
"id": "CVE-2018-7848"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015475"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-921"
},
{
"db": "NVD",
"id": "CVE-2018-7848"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-12T00:00:00",
"db": "IVD",
"id": "ac1f1b0e-3ce8-4fc5-a3fd-16af90549c64"
},
{
"date": "2019-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34828"
},
{
"date": "2019-05-22T00:00:00",
"db": "VULHUB",
"id": "VHN-137880"
},
{
"date": "2019-05-22T00:00:00",
"db": "VULMON",
"id": "CVE-2018-7848"
},
{
"date": "2019-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015475"
},
{
"date": "2019-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-921"
},
{
"date": "2019-05-22T20:29:01.747000",
"db": "NVD",
"id": "CVE-2018-7848"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34828"
},
{
"date": "2019-06-10T00:00:00",
"db": "VULHUB",
"id": "VHN-137880"
},
{
"date": "2022-02-03T00:00:00",
"db": "VULMON",
"id": "CVE-2018-7848"
},
{
"date": "2019-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015475"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-921"
},
{
"date": "2024-11-21T04:12:52.373000",
"db": "NVD",
"id": "CVE-2018-7848"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-921"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Modicon Information disclosure vulnerability in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015475"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-921"
}
],
"trust": 0.6
}
}
var-202001-1484
Vulnerability from variot
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when reading data with invalid index using Modbus TCP. plural Modicon The product contains an exceptional condition checking vulnerability.Denial of service (DoS) May be in a state. Schneider Electric Modicon M580 and other products are from Schneider Electric (France). Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions.
Several Schneider Electric products have code issue vulnerabilities that originate from programs that do not properly check for abnormal conditions. An attacker could use this vulnerability to cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202001-1484",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tsxp573634m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "tsxp57554m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "140cpu65150",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.52"
},
{
"model": "tsxp57204m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "tsxp57454m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "tsxp57304m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "tsxp572634m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "140cpu65260",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.52"
},
{
"model": "140cpu67160",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.52"
},
{
"model": "tsxp57354m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "140cpu67861",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.52"
},
{
"model": "140cpu67060",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.52"
},
{
"model": "140cpu67160s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.52"
},
{
"model": "tsxp576634m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "tsxh5724m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "tsxp571634m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "modicon m340",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.01"
},
{
"model": "tsxp57104m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "tsxp574634m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "140cpu65860",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.52"
},
{
"model": "140cpu67261",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.52"
},
{
"model": "modicon m580",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.80"
},
{
"model": "tsxh5744m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "140cpu65160s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.52"
},
{
"model": "tsxp57154m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "140cpu65160",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.52"
},
{
"model": "140cpu67260",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.52"
},
{
"model": "tsxp57254m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "tsxp575634m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "modicon m340",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5724m",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5744m",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57354m",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57454m",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp574634m",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57554m",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp575634m",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp576634m",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon m340",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "3.01"
},
{
"model": "electric modicon m580",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "2.80"
},
{
"model": "electric modicon premium",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "3.20"
},
{
"model": "electric modicon quantum",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "3.52"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02579"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016188"
},
{
"db": "NVD",
"id": "CVE-2018-7794"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m340_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m580_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:tsxh5724m_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:tsxh5744m_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:tsxp57354m_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:tsxp57454m_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:tsxp574634m_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:tsxp57554m_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:tsxp575634m_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:tsxp576634m_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016188"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Younes Dragoni (Nozomi Networks)",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-833"
}
],
"trust": 0.6
},
"cve": "CVE-2018-7794",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-7794",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-02579",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-7794",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-7794",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7794",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-7794",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-02579",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201912-833",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02579"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016188"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-833"
},
{
"db": "NVD",
"id": "CVE-2018-7794"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when reading data with invalid index using Modbus TCP. plural Modicon The product contains an exceptional condition checking vulnerability.Denial of service (DoS) May be in a state. Schneider Electric Modicon M580 and other products are from Schneider Electric (France). Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. \n\nSeveral Schneider Electric products have code issue vulnerabilities that originate from programs that do not properly check for abnormal conditions. An attacker could use this vulnerability to cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7794"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016188"
},
{
"db": "CNVD",
"id": "CNVD-2020-02579"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7794",
"trust": 3.0
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-344-01",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016188",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-02579",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0189",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-016-01",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201912-833",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02579"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016188"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-833"
},
{
"db": "NVD",
"id": "CVE-2018-7794"
}
]
},
"id": "VAR-202001-1484",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02579"
}
],
"trust": 1.5935065
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02579"
}
]
},
"last_update_date": "2024-11-23T21:36:14.598000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-344-01",
"trust": 0.8,
"url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01/"
},
{
"title": "Patch for Multiple Schneider Electric Product Code Issue Vulnerabilities (CNVD-2020-02579)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/197261"
},
{
"title": "Multiple Schneider Electric Product code issue vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108231"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02579"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016188"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-833"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-754",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016188"
},
{
"db": "NVD",
"id": "CVE-2018-7794"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7794"
},
{
"trust": 1.6,
"url": "https://www.se.com/ww/en/download/document/sevd-2019-344-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7794"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18615"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0189/"
},
{
"trust": 0.6,
"url": "https://www.se.com/ww/en/download/document/sevd-2019-344-01/"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02579"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016188"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-833"
},
{
"db": "NVD",
"id": "CVE-2018-7794"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-02579"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016188"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-833"
},
{
"db": "NVD",
"id": "CVE-2018-7794"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-02579"
},
{
"date": "2020-01-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016188"
},
{
"date": "2019-12-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-833"
},
{
"date": "2020-01-06T23:15:10.893000",
"db": "NVD",
"id": "CVE-2018-7794"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-02579"
},
{
"date": "2020-01-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016188"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-833"
},
{
"date": "2024-11-21T04:12:44.850000",
"db": "NVD",
"id": "CVE-2018-7794"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-833"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Modicon Vulnerability in checking exceptional conditions in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016188"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-833"
}
],
"trust": 0.6
}
}
var-201304-0150
Vulnerability from variot
Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials. The following versions are affected by this vulnerability: Quantum: 140NOE77111 140NOE77101 140NWM10000 M340: BMXNOC0401 BMXNOE0100x BMXNOE011xx Premium: TSXETY4103 TSXETY5103 TSXWMY100. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. The SESU tool used by several of these products is used to update software on Windows PC systems. Such as modifying the HTTP authentication credentials. Schneider Electric Products are prone to multiple security vulnerabilities. Successfully exploiting these issues allows remote attackers to execute arbitrary code or perform unauthorized actions in the context of the user's session; other attacks are also possible. Note: The denial-of-service vulnerability issue affecting Modicon M340 and the authentication-bypass issue affecting Maagelis XBT HMI were determined not to be vulnerabilities. The following Schneider Electric products are affected: BMX NOE 0110 Modicon M340. Schneider Electric software on customer PCs uses the SESU service as a communication mechanism to the Schneider Electric central update server, which can be used to receive software updates on a regular basis. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
TITLE: Schneider Electric Ethernet Modules Cross-Site Request Forgery Vulnerability
SECUNIA ADVISORY ID: SA52189
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/52189/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=52189
RELEASE DATE: 2013-02-14
DISCUSS ADVISORY: http://secunia.com/advisories/52189/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/52189/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=52189
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in Schneider Electric Ethernet Modules, which can be exploited by malicious people to conduct cross-site request forgery attacks.
The vulnerability is caused due to the modules allowing users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. change credentials when a logged-in administrator visits a specially crafted web page.
Quantum: 140NOE77111 140NOE77101 140NWM10000
M340: BMXNOC0401 BMXNOE0100x BMXNOE011xx
Premium: TSXETY4103 TSXETY5103 TSXWMY100
SOLUTION: No official solution is currently available.
PROVIDED AND/OR DISCOVERED BY: The vendor credits Arthur Gervais.
ORIGINAL ADVISORY: SEVD-2013-023-01: http://download.schneider-electric.com/files?L=en&p=&p_docId=&p_docId=&p_Reference=SEVD%202013-023-01&p_EnDocType=Technical%20paper&p_File_Id=36555639&p_File_Name=SEVD-2013-023-01.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201304-0150",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon quantum plc",
"scope": "eq",
"trust": 2.4,
"vendor": "schneider electric",
"version": "140noe77101"
},
{
"model": "modicon quantum plc",
"scope": "eq",
"trust": 2.4,
"vendor": "schneider electric",
"version": "140nwm10000"
},
{
"model": "modicon m340",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "bmxnoc0401"
},
{
"model": "modicon premium",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "tsxety4103"
},
{
"model": "modicon premium",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "tsxety5103"
},
{
"model": "modicon m340",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "bmxnoe011xx"
},
{
"model": "modicon m340",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "bmxnoe0100x"
},
{
"model": "modicon premium",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "tsxwmy100"
},
{
"model": "modicon quantum plc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "140noe77111"
},
{
"model": "modicon m340 pac",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "bmxnoc0401"
},
{
"model": "modicon m340 pac",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "bmxnoe0100x"
},
{
"model": "modicon m340 pac",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "bmxnoe011xx"
},
{
"model": "modicon premium plc",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "tsxety4103"
},
{
"model": "modicon premium plc",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "tsxety5103"
},
{
"model": "modicon premium plc",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "tsxwmy100"
},
{
"model": "modicon quantum plc",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "40noe77111"
},
{
"model": "electric m340 series modules",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon quantum series modules",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric premium series modules",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric quantum 140noe77111",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric quantum 140noe77101",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric quantum 140nwm10000",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric m340 bmxnoc0401",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric m340 bmxnoe0100x",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric m340 bmxnoe011xx",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric premium tsxety4103",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric premium tsxety5103",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric premium tsxwmy100",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "140noe77101",
"scope": null,
"trust": 0.2,
"vendor": "modicon quantum plc",
"version": null
},
{
"model": "140noe77111",
"scope": null,
"trust": 0.2,
"vendor": "modicon quantum plc",
"version": null
},
{
"model": "140nwm10000",
"scope": null,
"trust": 0.2,
"vendor": "modicon quantum plc",
"version": null
},
{
"model": "bmxnoc0401",
"scope": null,
"trust": 0.2,
"vendor": "modicon m340",
"version": null
},
{
"model": "bmxnoe011xx",
"scope": null,
"trust": 0.2,
"vendor": "modicon m340",
"version": null
},
{
"model": "bmxnoe0100x",
"scope": null,
"trust": 0.2,
"vendor": "modicon m340",
"version": null
},
{
"model": "tsxety4103",
"scope": null,
"trust": 0.2,
"vendor": "modicon premium",
"version": null
},
{
"model": "tsxety5103",
"scope": null,
"trust": 0.2,
"vendor": "modicon premium",
"version": null
},
{
"model": "tsxwmy100",
"scope": null,
"trust": 0.2,
"vendor": "modicon premium",
"version": null
},
{
"model": "electric m340 series modules null",
"scope": "eq",
"trust": 0.2,
"vendor": "schneider",
"version": "*"
},
{
"model": "electric modicon quantum series modules null",
"scope": "eq",
"trust": 0.2,
"vendor": "schneider",
"version": "*"
},
{
"model": "electric premium series modules null",
"scope": "eq",
"trust": 0.2,
"vendor": "schneider",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "03f69634-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "8d5791de-1f35-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-01138"
},
{
"db": "CNVD",
"id": "CNVD-2013-02841"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002146"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-366"
},
{
"db": "NVD",
"id": "CVE-2013-0663"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:schneider_electric:modicon_m340",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:modicon_premium",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:modicon_quantum_plc",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-002146"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Arthur Gervais",
"sources": [
{
"db": "BID",
"id": "57435"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-366"
}
],
"trust": 0.9
},
"cve": "CVE-2013-0663",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2013-0663",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"id": "CNVD-2013-02841",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"id": "03f69634-2353-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": null,
"accessVector": null,
"authentication": null,
"author": "IVD",
"availabilityImpact": null,
"baseScore": null,
"confidentialityImpact": null,
"exploitabilityScore": null,
"id": "8d5791de-1f35-11e6-abef-000c29c66e3d",
"impactScore": null,
"integrityImpact": null,
"severity": null,
"trust": 0.2,
"vectorString": null,
"version": "unknown"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-60665",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-0663",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2013-0663",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2013-02841",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201301-366",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "03f69634-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "8d5791de-1f35-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-60665",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "03f69634-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "8d5791de-1f35-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02841"
},
{
"db": "VULHUB",
"id": "VHN-60665"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002146"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-366"
},
{
"db": "NVD",
"id": "CVE-2013-0663"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials. The following versions are affected by this vulnerability: Quantum: 140NOE77111 140NOE77101 140NWM10000 M340: BMXNOC0401 BMXNOE0100x BMXNOE011xx Premium: TSXETY4103 TSXETY5103 TSXWMY100. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. The SESU tool used by several of these products is used to update software on Windows PC systems. Such as modifying the HTTP authentication credentials. Schneider Electric Products are prone to multiple security vulnerabilities. \nSuccessfully exploiting these issues allows remote attackers to execute arbitrary code or perform unauthorized actions in the context of the user\u0027s session; other attacks are also possible. \nNote: The denial-of-service vulnerability issue affecting Modicon M340 and the authentication-bypass issue affecting Maagelis XBT HMI were determined not to be vulnerabilities. \nThe following Schneider Electric products are affected:\nBMX NOE 0110\nModicon M340. Schneider Electric software on customer PCs uses the SESU service as a communication mechanism to the Schneider Electric central update server, which can be used to receive software updates on a regular basis. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nSchneider Electric Ethernet Modules Cross-Site Request Forgery\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA52189\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/52189/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52189\n\nRELEASE DATE:\n2013-02-14\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/52189/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/52189/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52189\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Schneider Electric Ethernet\nModules, which can be exploited by malicious people to conduct\ncross-site request forgery attacks. \n\nThe vulnerability is caused due to the modules allowing users to\nperform certain actions via HTTP requests without performing proper\nvalidity checks to verify the requests. This can be exploited to e.g. \nchange credentials when a logged-in administrator visits a specially\ncrafted web page. \n\nQuantum:\n140NOE77111\n140NOE77101\n140NWM10000\n\nM340:\nBMXNOC0401\nBMXNOE0100x\nBMXNOE011xx\n\nPremium:\nTSXETY4103\nTSXETY5103\nTSXWMY100\n\nSOLUTION:\nNo official solution is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Arthur Gervais. \n\nORIGINAL ADVISORY:\nSEVD-2013-023-01:\nhttp://download.schneider-electric.com/files?L=en\u0026p=\u0026p_docId=\u0026p_docId=\u0026p_Reference=SEVD%202013-023-01\u0026p_EnDocType=Technical%20paper\u0026p_File_Id=36555639\u0026p_File_Name=SEVD-2013-023-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0663"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002146"
},
{
"db": "CNVD",
"id": "CNVD-2013-01138"
},
{
"db": "CNVD",
"id": "CNVD-2013-02841"
},
{
"db": "BID",
"id": "57435"
},
{
"db": "IVD",
"id": "03f69634-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "8d5791de-1f35-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-60665"
},
{
"db": "PACKETSTORM",
"id": "120311"
}
],
"trust": 3.51
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-60665",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-60665"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-0663",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-13-077-01A",
"trust": 3.4
},
{
"db": "SCHNEIDER",
"id": "SEVD-2013-023-01",
"trust": 2.4
},
{
"db": "BID",
"id": "57435",
"trust": 1.5
},
{
"db": "EXPLOIT-DB",
"id": "44678",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201301-366",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2013-02841",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2013-01138",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "52189",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002146",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-13-077-01",
"trust": 0.3
},
{
"db": "ICS CERT",
"id": "ICSA-13-077-01B",
"trust": 0.3
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-13-016-01",
"trust": 0.3
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-13-016-01A",
"trust": 0.3
},
{
"db": "IVD",
"id": "03F69634-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "8D5791DE-1F35-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "147715",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-60665",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "120311",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "03f69634-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "8d5791de-1f35-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-01138"
},
{
"db": "CNVD",
"id": "CNVD-2013-02841"
},
{
"db": "VULHUB",
"id": "VHN-60665"
},
{
"db": "BID",
"id": "57435"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002146"
},
{
"db": "PACKETSTORM",
"id": "120311"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-366"
},
{
"db": "NVD",
"id": "CVE-2013-0663"
}
]
},
"id": "VAR-201304-0150",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "03f69634-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "8d5791de-1f35-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-01138"
},
{
"db": "CNVD",
"id": "CNVD-2013-02841"
},
{
"db": "VULHUB",
"id": "VHN-60665"
}
],
"trust": 2.6108974307692305
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.6
}
],
"sources": [
{
"db": "IVD",
"id": "03f69634-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "8d5791de-1f35-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-01138"
},
{
"db": "CNVD",
"id": "CNVD-2013-02841"
}
]
},
"last_update_date": "2024-11-23T21:51:40.312000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Important Security Notification - M340, Quantum. and Premium Ethernet communication modules",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_File_Id=36555639\u0026p_File_Name=SEVD-2013-023-01.pdf"
},
{
"title": "SEVD 2013-023-01",
"trust": 0.8,
"url": "http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/"
},
{
"title": "\u30b5\u30dd\u30fc\u30c8",
"trust": 0.8,
"url": "http://www.schneider-electric.co.jp/sites/japan/jp/support/contact/we-care.page"
},
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://www.schneider-electric.com/site/home/index.cfm/jp/"
},
{
"title": "Patch for multiple product cross-site request forgery vulnerabilities in Schneider Electric",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/33179"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02841"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002146"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-60665"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002146"
},
{
"db": "NVD",
"id": "CVE-2013-0663"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://ics-cert.us-cert.gov/pdf/icsa-13-077-01a.pdf"
},
{
"trust": 2.2,
"url": "http://www.schneider-electric.com/download/ww/en/file/36555639-sevd-2013-023-01.pdf/?filename=sevd-2013-023-01.pdf\u0026reference=sevd-2013-023-01\u0026doctype=technical-paper"
},
{
"trust": 1.7,
"url": "http://www.schneider-electric.com/download/ww/en/details/35081317-vulnerability-disclosure-for-quantum-premium-and-m340/"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/44678/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0663"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0663"
},
{
"trust": 0.7,
"url": "http://secunia.com/advisories/52189/"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/57435"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-13-016-01.pdf"
},
{
"trust": 0.3,
"url": "http://ics-cert.us-cert.gov/pdf/ics-alert-13-016-01a.pdf"
},
{
"trust": 0.3,
"url": "http://ics-cert.us-cert.gov/pdf/icsa-13-077-01.pdf"
},
{
"trust": 0.3,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-13-077-01b"
},
{
"trust": 0.1,
"url": "http://www.schneider-electric.com/download/ww/en/file/36555639-sevd-2013-023-01.pdf/?filename=sevd-2013-023-01.pdf\u0026amp;reference=sevd-2013-023-01\u0026amp;doctype=technical-paper"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52189"
},
{
"trust": 0.1,
"url": "http://download.schneider-electric.com/files?l=en\u0026p=\u0026p_docid=\u0026p_docid=\u0026p_reference=sevd%202013-023-01\u0026p_endoctype=technical%20paper\u0026p_file_id=36555639\u0026p_file_name=sevd-2013-023-01.pdf"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/52189/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/blog/325/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-01138"
},
{
"db": "CNVD",
"id": "CNVD-2013-02841"
},
{
"db": "VULHUB",
"id": "VHN-60665"
},
{
"db": "BID",
"id": "57435"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002146"
},
{
"db": "PACKETSTORM",
"id": "120311"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-366"
},
{
"db": "NVD",
"id": "CVE-2013-0663"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "03f69634-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "8d5791de-1f35-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-01138"
},
{
"db": "CNVD",
"id": "CNVD-2013-02841"
},
{
"db": "VULHUB",
"id": "VHN-60665"
},
{
"db": "BID",
"id": "57435"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002146"
},
{
"db": "PACKETSTORM",
"id": "120311"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-366"
},
{
"db": "NVD",
"id": "CVE-2013-0663"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-11T00:00:00",
"db": "IVD",
"id": "03f69634-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2013-02-21T00:00:00",
"db": "IVD",
"id": "8d5791de-1f35-11e6-abef-000c29c66e3d"
},
{
"date": "2013-02-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-01138"
},
{
"date": "2013-04-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02841"
},
{
"date": "2013-04-04T00:00:00",
"db": "VULHUB",
"id": "VHN-60665"
},
{
"date": "2013-01-16T00:00:00",
"db": "BID",
"id": "57435"
},
{
"date": "2013-04-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002146"
},
{
"date": "2013-02-14T01:37:18",
"db": "PACKETSTORM",
"id": "120311"
},
{
"date": "2013-01-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201301-366"
},
{
"date": "2013-04-04T11:58:48.687000",
"db": "NVD",
"id": "CVE-2013-0663"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-05-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-01138"
},
{
"date": "2013-04-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02841"
},
{
"date": "2018-05-24T00:00:00",
"db": "VULHUB",
"id": "VHN-60665"
},
{
"date": "2015-03-19T09:43:00",
"db": "BID",
"id": "57435"
},
{
"date": "2013-04-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002146"
},
{
"date": "2013-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201301-366"
},
{
"date": "2024-11-21T01:47:58.017000",
"db": "NVD",
"id": "CVE-2013-0663"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201301-366"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Ethernet Modules Cross-Site Request Forgery Vulnerability",
"sources": [
{
"db": "IVD",
"id": "8d5791de-1f35-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-01138"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201301-366"
}
],
"trust": 0.6
}
}
var-201910-0584
Vulnerability from variot
A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information from the controller when using TFTP protocol
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-0584",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tsxmcpc512k",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxmrpc768k",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxmrpc003m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxmrpf008m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxmfpp384k",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxmcpc002m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxmrpc01m7",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxmfp0128p2",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxmrpp384k",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxmrpc002m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxmfp064p2",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxmfpp512k",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxmfpp004m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m580",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxmrpc448k",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxmfpp224k",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxmfpp001m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxmrpc007m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxmrpf004m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxmfpp002m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxmrpc001m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxmrpp224k",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxmcpc002m",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxmcpc512k",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxmfpp001m",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxmfpp002m",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxmfpp004m",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxmfpp512k",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxmrpc001m",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxmrpc002m",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011632"
},
{
"db": "NVD",
"id": "CVE-2019-6851"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmcpc002m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmcpc002m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmcpc002m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmcpc002m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmcpc512k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmcpc512k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmcpc512k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmcpc512k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfpp001m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfpp001m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfpp001m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfpp001m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfpp002m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfpp002m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfpp002m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfpp002m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfpp004m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfpp004m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfpp004m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfpp004m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfpp512k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfpp512k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfpp512k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfpp512k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc001m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc001m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc001m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc001m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc002m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc002m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc002m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc002m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc003m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc003m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc003m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc003m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc007m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc007m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc007m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc007m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc01m7_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc01m7:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc01m7_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc01m7:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc768k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc768k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc768k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc768k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpf004m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpf004m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpf004m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpf004m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpf008m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpf008m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpf008m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpf008m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmcpc002m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmcpc002m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmcpc002m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmcpc002m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmcpc512k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmcpc512k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmcpc512k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmcpc512k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfp0128p2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfp0128p2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfp0128p2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfp0128p2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfp064p2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfp064p2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfp064p2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfp064p2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfpp001m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfpp001m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfpp001m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfpp001m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfpp002m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfpp002m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfpp002m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfpp002m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfpp004m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfpp004m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfpp004m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfpp004m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfpp224k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfpp224k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfpp224k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfpp224k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfpp384k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfpp384k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfpp384k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfpp384k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfpp512k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfpp512k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfpp512k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfpp512k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc001m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc001m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc001m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc001m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc002m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc002m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc002m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc002m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc003m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc003m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc003m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc003m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc007m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc007m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc007m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc007m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc01m7_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc01m7:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc01m7_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc01m7:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc448k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc448k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc448k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc448k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc768k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc768k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc768k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc768k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpf004m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpf004m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpf004m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpf004m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpf008m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpf008m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpf008m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpf008m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpp224k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpp224k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpp224k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpp224k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpp384k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpp384k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpp384k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpp384k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6851"
}
]
},
"cve": "CVE-2019-6851",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-6851",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 1.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-6851",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-6851",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-6851",
"trust": 1.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-400",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011632"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-400"
},
{
"db": "NVD",
"id": "CVE-2019-6851"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information from the controller when using TFTP protocol",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6851"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011632"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6851",
"trust": 2.4
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-281-01",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011632",
"trust": 0.8
},
{
"db": "TALOS",
"id": "TALOS-2019-0851",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201910-400",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011632"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-400"
},
{
"db": "NVD",
"id": "CVE-2019-6851"
}
]
},
"id": "VAR-201910-0584",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.634316675
},
"last_update_date": "2022-05-04T09:55:56.268000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-281-01",
"trust": 0.8,
"url": "https://www.se.com/ww/en/download/document/sevd-2019-281-01/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011632"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
},
{
"problemtype": "CWE-538",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011632"
},
{
"db": "NVD",
"id": "CVE-2019-6851"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://www.schneider-electric.com/ww/en/download/document/sevd-2019-281-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6851"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6851"
},
{
"trust": 0.6,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0851"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011632"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-400"
},
{
"db": "NVD",
"id": "CVE-2019-6851"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011632"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-400"
},
{
"db": "NVD",
"id": "CVE-2019-6851"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011632"
},
{
"date": "2019-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-400"
},
{
"date": "2019-10-29T19:15:00",
"db": "NVD",
"id": "CVE-2019-6851"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011632"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-400"
},
{
"date": "2022-02-03T16:10:00",
"db": "NVD",
"id": "CVE-2019-6851"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-400"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Modicon Information disclosure vulnerability in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011632"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-400"
}
],
"trust": 0.6
}
}
var-202003-1441
Vulnerability from variot
A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10), which, if exploited, could allow attackers to transfer malicious code to the controller. plural Schneider Electric The product contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Schneider Electric Modicon M580, etc. are all products of Schneider Electric in France. Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon M340 is a mid-range PLC (programmable logic controller) for industrial processes and infrastructure. Schneider Electric EcoStruxure Control Expert (formerly known as Unity Pro) is a set of programming software for Schneider Electric logic controller products.
Many Schneider Electric products have injection vulnerabilities that attackers can use to send malicious code to the controller. The following products and versions are affected: EcoStruxure Control Expert 14.1 Hot Fix previous version; Unity Pro (full version); Modicon M340 V3.20 previous version; Modicon M580 V3.10 previous version
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-1441",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "unity pro",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "ecostruxure control expert",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "14.0"
},
{
"model": "modicon m580",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.10"
},
{
"model": "ecostruxure control expert",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "14.1 hot fix"
},
{
"model": "modicon m340",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "modicon m580",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "3.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "ecostruxure control expert",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "unity pro",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "modicon m340",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "modicon m580",
"version": "*"
},
{
"model": "electric unity pro",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric ecostruxure control expert hot fix",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "14.1"
},
{
"model": "electric modicon m340",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "3.20"
},
{
"model": "electric modicon m580",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "3.10"
}
],
"sources": [
{
"db": "IVD",
"id": "35a9c5f0-4ff6-4832-9bff-dd010f8ff4a6"
},
{
"db": "IVD",
"id": "17a37300-5783-4a41-8124-fdbd46329f3c"
},
{
"db": "IVD",
"id": "c6a4a266-58fd-48ff-b1ed-97cd3f6f2b31"
},
{
"db": "CNVD",
"id": "CNVD-2020-23198"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003406"
},
{
"db": "NVD",
"id": "CVE-2020-7475"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:schneider_electric:ecostruxure_control_expert",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m340_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m580_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003406"
}
]
},
"cve": "CVE-2020-7475",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-7475",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-003406",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-23198",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "35a9c5f0-4ff6-4832-9bff-dd010f8ff4a6",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "17a37300-5783-4a41-8124-fdbd46329f3c",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "c6a4a266-58fd-48ff-b1ed-97cd3f6f2b31",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-185600",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-7475",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-003406",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-7475",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2020-003406",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-23198",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-1330",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "35a9c5f0-4ff6-4832-9bff-dd010f8ff4a6",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "17a37300-5783-4a41-8124-fdbd46329f3c",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "c6a4a266-58fd-48ff-b1ed-97cd3f6f2b31",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-185600",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "35a9c5f0-4ff6-4832-9bff-dd010f8ff4a6"
},
{
"db": "IVD",
"id": "17a37300-5783-4a41-8124-fdbd46329f3c"
},
{
"db": "IVD",
"id": "c6a4a266-58fd-48ff-b1ed-97cd3f6f2b31"
},
{
"db": "CNVD",
"id": "CNVD-2020-23198"
},
{
"db": "VULHUB",
"id": "VHN-185600"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003406"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1330"
},
{
"db": "NVD",
"id": "CVE-2020-7475"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10), which, if exploited, could allow attackers to transfer malicious code to the controller. plural Schneider Electric The product contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Schneider Electric Modicon M580, etc. are all products of Schneider Electric in France. Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon M340 is a mid-range PLC (programmable logic controller) for industrial processes and infrastructure. Schneider Electric EcoStruxure Control Expert (formerly known as Unity Pro) is a set of programming software for Schneider Electric logic controller products. \n\r\n\r\nMany Schneider Electric products have injection vulnerabilities that attackers can use to send malicious code to the controller. The following products and versions are affected: EcoStruxure Control Expert 14.1 Hot Fix previous version; Unity Pro (full version); Modicon M340 V3.20 previous version; Modicon M580 V3.10 previous version",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-7475"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003406"
},
{
"db": "CNVD",
"id": "CNVD-2020-23198"
},
{
"db": "IVD",
"id": "35a9c5f0-4ff6-4832-9bff-dd010f8ff4a6"
},
{
"db": "IVD",
"id": "17a37300-5783-4a41-8124-fdbd46329f3c"
},
{
"db": "IVD",
"id": "c6a4a266-58fd-48ff-b1ed-97cd3f6f2b31"
},
{
"db": "VULHUB",
"id": "VHN-185600"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-7475",
"trust": 3.7
},
{
"db": "SCHNEIDER",
"id": "SEVD-2020-080-01",
"trust": 1.7
},
{
"db": "CNVD",
"id": "CNVD-2020-23198",
"trust": 1.3
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1330",
"trust": 1.3
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003406",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "46623",
"trust": 0.6
},
{
"db": "IVD",
"id": "35A9C5F0-4FF6-4832-9BFF-DD010F8FF4A6",
"trust": 0.2
},
{
"db": "IVD",
"id": "17A37300-5783-4A41-8124-FDBD46329F3C",
"trust": 0.2
},
{
"db": "IVD",
"id": "C6A4A266-58FD-48FF-B1ED-97CD3F6F2B31",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-185600",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "35a9c5f0-4ff6-4832-9bff-dd010f8ff4a6"
},
{
"db": "IVD",
"id": "17a37300-5783-4a41-8124-fdbd46329f3c"
},
{
"db": "IVD",
"id": "c6a4a266-58fd-48ff-b1ed-97cd3f6f2b31"
},
{
"db": "CNVD",
"id": "CNVD-2020-23198"
},
{
"db": "VULHUB",
"id": "VHN-185600"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003406"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1330"
},
{
"db": "NVD",
"id": "CVE-2020-7475"
}
]
},
"id": "VAR-202003-1441",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "35a9c5f0-4ff6-4832-9bff-dd010f8ff4a6"
},
{
"db": "IVD",
"id": "17a37300-5783-4a41-8124-fdbd46329f3c"
},
{
"db": "IVD",
"id": "c6a4a266-58fd-48ff-b1ed-97cd3f6f2b31"
},
{
"db": "CNVD",
"id": "CNVD-2020-23198"
},
{
"db": "VULHUB",
"id": "VHN-185600"
}
],
"trust": 2.1185145
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "IVD",
"id": "35a9c5f0-4ff6-4832-9bff-dd010f8ff4a6"
},
{
"db": "IVD",
"id": "17a37300-5783-4a41-8124-fdbd46329f3c"
},
{
"db": "IVD",
"id": "c6a4a266-58fd-48ff-b1ed-97cd3f6f2b31"
},
{
"db": "CNVD",
"id": "CNVD-2020-23198"
}
]
},
"last_update_date": "2024-11-23T22:48:03.107000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2020-080-01",
"trust": 0.8,
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-080-01/"
},
{
"title": "Patch for Multiple Schneider Electric product injection vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/214305"
},
{
"title": "Multiple Schneider Electric Fixing measures for product injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112775"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-23198"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003406"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1330"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-74",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-185600"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003406"
},
{
"db": "NVD",
"id": "CVE-2020-7475"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7475"
},
{
"trust": 1.7,
"url": "http://www.se.com/ww/en/download/document/sevd-2020-080-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7475"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/46623"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-23198"
},
{
"db": "VULHUB",
"id": "VHN-185600"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003406"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1330"
},
{
"db": "NVD",
"id": "CVE-2020-7475"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "35a9c5f0-4ff6-4832-9bff-dd010f8ff4a6"
},
{
"db": "IVD",
"id": "17a37300-5783-4a41-8124-fdbd46329f3c"
},
{
"db": "IVD",
"id": "c6a4a266-58fd-48ff-b1ed-97cd3f6f2b31"
},
{
"db": "CNVD",
"id": "CNVD-2020-23198"
},
{
"db": "VULHUB",
"id": "VHN-185600"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003406"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1330"
},
{
"db": "NVD",
"id": "CVE-2020-7475"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-23T00:00:00",
"db": "IVD",
"id": "35a9c5f0-4ff6-4832-9bff-dd010f8ff4a6"
},
{
"date": "2020-03-23T00:00:00",
"db": "IVD",
"id": "17a37300-5783-4a41-8124-fdbd46329f3c"
},
{
"date": "2020-03-23T00:00:00",
"db": "IVD",
"id": "c6a4a266-58fd-48ff-b1ed-97cd3f6f2b31"
},
{
"date": "2020-04-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-23198"
},
{
"date": "2020-03-23T00:00:00",
"db": "VULHUB",
"id": "VHN-185600"
},
{
"date": "2020-04-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003406"
},
{
"date": "2020-03-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1330"
},
{
"date": "2020-03-23T19:15:12.413000",
"db": "NVD",
"id": "CVE-2020-7475"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-23198"
},
{
"date": "2022-02-03T00:00:00",
"db": "VULHUB",
"id": "VHN-185600"
},
{
"date": "2020-04-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003406"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1330"
},
{
"date": "2024-11-21T05:37:13.210000",
"db": "NVD",
"id": "CVE-2020-7475"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1330"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Schneider Electric Product injection vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003406"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "injection",
"sources": [
{
"db": "IVD",
"id": "35a9c5f0-4ff6-4832-9bff-dd010f8ff4a6"
},
{
"db": "IVD",
"id": "17a37300-5783-4a41-8124-fdbd46329f3c"
},
{
"db": "IVD",
"id": "c6a4a266-58fd-48ff-b1ed-97cd3f6f2b31"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1330"
}
],
"trust": 1.2
}
}
var-201910-0579
Vulnerability from variot
A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause information disclosure when using the FTP protocol. plural Modicon The product contains a vulnerability related to clear transmission of important information.Information may be obtained. Schneider Electric Modicon M580 is a programmable automation controller from Schneider Electric of France
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-0579",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon 140cra",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon bmxcra",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m580",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon 140cra",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon bmxcra",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon m340",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m580",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon bmxcra",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon 140cra",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02971"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011543"
},
{
"db": "NVD",
"id": "CVE-2019-6846"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_140cra_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_bmxcra_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m340_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m580_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011543"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Jared Rittle of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-427"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6846",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2019-6846",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2020-02971",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-6846",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-6846",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6846",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-6846",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-02971",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-427",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02971"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011543"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-427"
},
{
"db": "NVD",
"id": "CVE-2019-6846"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause information disclosure when using the FTP protocol. plural Modicon The product contains a vulnerability related to clear transmission of important information.Information may be obtained. Schneider Electric Modicon M580 is a programmable automation controller from Schneider Electric of France",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6846"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011543"
},
{
"db": "CNVD",
"id": "CNVD-2020-02971"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6846",
"trust": 3.0
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-281-02",
"trust": 2.2
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011543",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-02971",
"trust": 0.6
},
{
"db": "TALOS",
"id": "TALOS-2019-0827",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201910-427",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02971"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011543"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-427"
},
{
"db": "NVD",
"id": "CVE-2019-6846"
}
]
},
"id": "VAR-201910-0579",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02971"
}
],
"trust": 1.5978355
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02971"
}
]
},
"last_update_date": "2024-11-23T21:36:37.755000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-281-02",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-281-02/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011543"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011543"
},
{
"db": "NVD",
"id": "CVE-2019-6846"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://www.schneider-electric.com/ww/en/download/document/sevd-2019-281-02"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6846"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6846"
},
{
"trust": 0.6,
"url": "https://www.se.com/ww/en/download/document/sevd-2019-281-02/"
},
{
"trust": 0.6,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0827"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02971"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011543"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-427"
},
{
"db": "NVD",
"id": "CVE-2019-6846"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-02971"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011543"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-427"
},
{
"db": "NVD",
"id": "CVE-2019-6846"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-02971"
},
{
"date": "2019-11-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011543"
},
{
"date": "2019-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-427"
},
{
"date": "2019-10-29T19:15:22.187000",
"db": "NVD",
"id": "CVE-2019-6846"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-02971"
},
{
"date": "2019-11-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011543"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-427"
},
{
"date": "2024-11-21T04:47:16.200000",
"db": "NVD",
"id": "CVE-2019-6846"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-427"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Modicon Vulnerability related to clear transmission of important information in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011543"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-427"
}
],
"trust": 0.6
}
}
var-202001-0450
Vulnerability from variot
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific memory blocks using Modbus TCP. plural Modicon The product contains an exceptional condition checking vulnerability.Denial of service (DoS) May be in a state. Schneider Electric Modicon M580 and other products are from Schneider Electric (France). Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions.
Several Schneider Electric products have code issue vulnerabilities that originate from programs that do not properly check for abnormal conditions. An attacker could use this vulnerability to cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202001-0450",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tsxp573634m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "140cpu65150",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.60"
},
{
"model": "tsxp57554m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "tsxp57204m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "tsxp57454m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "tsxp57304m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "tsxp572634m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "140cpu67160",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.60"
},
{
"model": "tsxp57354m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "140cpu65260",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.60"
},
{
"model": "140cpu67861",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.60"
},
{
"model": "140cpu67160s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.60"
},
{
"model": "140cpu67060",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.60"
},
{
"model": "tsxp576634m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "tsxh5724m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "tsxp571634m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "modicon m340",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.01"
},
{
"model": "tsxp57104m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "tsxp574634m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "modicon m580",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.80"
},
{
"model": "tsxh5744m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "140cpu65860",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.60"
},
{
"model": "140cpu67261",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.60"
},
{
"model": "140cpu65160s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.60"
},
{
"model": "tsxp57154m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "140cpu65160",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.60"
},
{
"model": "140cpu67260",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.60"
},
{
"model": "tsxp57254m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "tsxp575634m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "modicon m340",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5724m",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5744m",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57354m",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57454m",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp574634m",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57554m",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp575634m",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp576634m",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon m340",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "3.01"
},
{
"model": "electric modicon m580",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "2.80"
},
{
"model": "electric modicon premium",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "3.20"
},
{
"model": "electric modicon quantum",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "3.60"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02577"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014052"
},
{
"db": "NVD",
"id": "CVE-2019-6857"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m340_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m580_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:tsxh5724m_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:tsxh5744m_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:tsxp57354m_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:tsxp57454m_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:tsxp574634m_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:tsxp57554m_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:tsxp575634m_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:tsxp576634m_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014052"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mengmeng Young, Gideon Guo",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-835"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6857",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-6857",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-02577",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-6857",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-6857",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6857",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-6857",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-02577",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201912-835",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02577"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014052"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-835"
},
{
"db": "NVD",
"id": "CVE-2019-6857"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific memory blocks using Modbus TCP. plural Modicon The product contains an exceptional condition checking vulnerability.Denial of service (DoS) May be in a state. Schneider Electric Modicon M580 and other products are from Schneider Electric (France). Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. \n\nSeveral Schneider Electric products have code issue vulnerabilities that originate from programs that do not properly check for abnormal conditions. An attacker could use this vulnerability to cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6857"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014052"
},
{
"db": "CNVD",
"id": "CNVD-2020-02577"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6857",
"trust": 3.0
},
{
"db": "ICS CERT",
"id": "ICSA-20-016-01",
"trust": 2.4
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-344-01",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014052",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-02577",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0189",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201912-835",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02577"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014052"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-835"
},
{
"db": "NVD",
"id": "CVE-2019-6857"
}
]
},
"id": "VAR-202001-0450",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02577"
}
],
"trust": 1.5935065
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02577"
}
]
},
"last_update_date": "2024-11-23T21:36:14.570000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-344-01",
"trust": 0.8,
"url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01/"
},
{
"title": "Patch for Multiple Schneider Electric Product Code Issue Vulnerabilities (CNVD-2020-02577)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/197253"
},
{
"title": "Multiple Schneider Electric Product code issue vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106543"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02577"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014052"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-835"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-754",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014052"
},
{
"db": "NVD",
"id": "CVE-2019-6857"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6857"
},
{
"trust": 1.6,
"url": "https://www.se.com/ww/en/download/document/sevd-2019-344-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6857"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18615"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0189/"
},
{
"trust": 0.6,
"url": "https://www.se.com/ww/en/download/document/sevd-2019-344-01/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02577"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014052"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-835"
},
{
"db": "NVD",
"id": "CVE-2019-6857"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-02577"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014052"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-835"
},
{
"db": "NVD",
"id": "CVE-2019-6857"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-02577"
},
{
"date": "2020-01-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014052"
},
{
"date": "2019-12-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-835"
},
{
"date": "2020-01-06T23:15:11.377000",
"db": "NVD",
"id": "CVE-2019-6857"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-02577"
},
{
"date": "2020-01-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014052"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-835"
},
{
"date": "2024-11-21T04:47:17.580000",
"db": "NVD",
"id": "CVE-2019-6857"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-835"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Modicon Vulnerability in checking exceptional conditions in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014052"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-835"
}
],
"trust": 0.6
}
}
var-201304-0399
Vulnerability from variot
The Schneider Electric M340 BMXNOE01xx and BMXP3420xx PLC modules allow remote authenticated users to cause a denial of service (module crash) via crafted FTP traffic, as demonstrated by the FileZilla FTP client. The SESU tool used by several of these products is used to update software on Windows PC systems. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Schneider Electric Ethernetmokuai has a cross-site request forgery vulnerability that allows an attacker to build a malicious URI, entice a user to resolve, and perform malicious actions, such as changing passwords, in the context of the target user. The following versions are affected by this vulnerability: Quantum: 140NOE77111 140NOE77101 140NWM10000 M340: BMXNOC0401 BMXNOE0100x BMXNOE011xx Premium: TSXETY4103 TSXETY5103 TSXWMY100. Schneider Electric Ethernet Modules are prone to a denial-of-service vulnerability. A remote attacker can exploit this issue to crash the module, resulting in denial-of-service conditions. The following modules are vulnerable: Ethernet Module M340 BMXNOE01xx Ethernet Module M340 BMXP3420xx. Schneider Electric software on customer PCs uses the SESU service as a communication mechanism to the Schneider Electric central update server, which can be used to receive software updates on a regular basis. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
TITLE: Schneider Electric Ethernet Modules Cross-Site Request Forgery Vulnerability
SECUNIA ADVISORY ID: SA52189
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/52189/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=52189
RELEASE DATE: 2013-02-14
DISCUSS ADVISORY: http://secunia.com/advisories/52189/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/52189/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=52189
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in Schneider Electric Ethernet Modules, which can be exploited by malicious people to conduct cross-site request forgery attacks.
The vulnerability is caused due to the modules allowing users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. change credentials when a logged-in administrator visits a specially crafted web page.
Quantum: 140NOE77111 140NOE77101 140NWM10000
M340: BMXNOC0401 BMXNOE0100x BMXNOE011xx
Premium: TSXETY4103 TSXETY5103 TSXWMY100
SOLUTION: No official solution is currently available.
PROVIDED AND/OR DISCOVERED BY: The vendor credits Arthur Gervais.
ORIGINAL ADVISORY: SEVD-2013-023-01: http://download.schneider-electric.com/files?L=en&p=&p_docId=&p_docId=&p_Reference=SEVD%202013-023-01&p_EnDocType=Technical%20paper&p_File_Id=36555639&p_File_Name=SEVD-2013-023-01.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201304-0399",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon m340",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "bmxnoe01xx"
},
{
"model": "modicon m340",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "bmxp3420xx"
},
{
"model": "modicon m340 pac",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "bmxnoe01xx"
},
{
"model": "modicon m340 pac",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "bmxp3420xx"
},
{
"model": "electric bmxp3420xx plc modules",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric m340 bmxnoe01xx modules",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric m340 series modules",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon quantum series modules",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric premium series modules",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "bmxnoe01xx",
"scope": null,
"trust": 0.2,
"vendor": "modicon m340",
"version": null
},
{
"model": "bmxp3420xx",
"scope": null,
"trust": 0.2,
"vendor": "modicon m340",
"version": null
},
{
"model": "electric m340 series modules null",
"scope": "eq",
"trust": 0.2,
"vendor": "schneider",
"version": "*"
},
{
"model": "electric modicon quantum series modules null",
"scope": "eq",
"trust": 0.2,
"vendor": "schneider",
"version": "*"
},
{
"model": "electric premium series modules null",
"scope": "eq",
"trust": 0.2,
"vendor": "schneider",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "03de9d4a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "8d5791de-1f35-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02812"
},
{
"db": "CNVD",
"id": "CNVD-2013-01138"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002148"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-034"
},
{
"db": "NVD",
"id": "CVE-2013-2761"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:schneider_electric:modicon_m340",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-002148"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Arthur Gervais",
"sources": [
{
"db": "BID",
"id": "58950"
}
],
"trust": 0.3
},
"cve": "CVE-2013-2761",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2013-2761",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2013-02812",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "03de9d4a-2353-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": null,
"accessVector": null,
"authentication": null,
"author": "IVD",
"availabilityImpact": null,
"baseScore": null,
"confidentialityImpact": null,
"exploitabilityScore": null,
"id": "8d5791de-1f35-11e6-abef-000c29c66e3d",
"impactScore": null,
"integrityImpact": null,
"severity": null,
"trust": 0.2,
"vectorString": null,
"version": "unknown"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-62763",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-2761",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2013-2761",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2013-02812",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201304-034",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "03de9d4a-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "8d5791de-1f35-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-62763",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "03de9d4a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "8d5791de-1f35-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02812"
},
{
"db": "VULHUB",
"id": "VHN-62763"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002148"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-034"
},
{
"db": "NVD",
"id": "CVE-2013-2761"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Schneider Electric M340 BMXNOE01xx and BMXP3420xx PLC modules allow remote authenticated users to cause a denial of service (module crash) via crafted FTP traffic, as demonstrated by the FileZilla FTP client. The SESU tool used by several of these products is used to update software on Windows PC systems. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Schneider Electric Ethernetmokuai has a cross-site request forgery vulnerability that allows an attacker to build a malicious URI, entice a user to resolve, and perform malicious actions, such as changing passwords, in the context of the target user. The following versions are affected by this vulnerability: Quantum: 140NOE77111 140NOE77101 140NWM10000 M340: BMXNOC0401 BMXNOE0100x BMXNOE011xx Premium: TSXETY4103 TSXETY5103 TSXWMY100. Schneider Electric Ethernet Modules are prone to a denial-of-service vulnerability. \nA remote attacker can exploit this issue to crash the module, resulting in denial-of-service conditions. \nThe following modules are vulnerable:\nEthernet Module M340 BMXNOE01xx\nEthernet Module M340 BMXP3420xx. Schneider Electric software on customer PCs uses the SESU service as a communication mechanism to the Schneider Electric central update server, which can be used to receive software updates on a regular basis. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nSchneider Electric Ethernet Modules Cross-Site Request Forgery\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA52189\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/52189/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52189\n\nRELEASE DATE:\n2013-02-14\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/52189/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/52189/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52189\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Schneider Electric Ethernet\nModules, which can be exploited by malicious people to conduct\ncross-site request forgery attacks. \n\nThe vulnerability is caused due to the modules allowing users to\nperform certain actions via HTTP requests without performing proper\nvalidity checks to verify the requests. This can be exploited to e.g. \nchange credentials when a logged-in administrator visits a specially\ncrafted web page. \n\nQuantum:\n140NOE77111\n140NOE77101\n140NWM10000\n\nM340:\nBMXNOC0401\nBMXNOE0100x\nBMXNOE011xx\n\nPremium:\nTSXETY4103\nTSXETY5103\nTSXWMY100\n\nSOLUTION:\nNo official solution is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Arthur Gervais. \n\nORIGINAL ADVISORY:\nSEVD-2013-023-01:\nhttp://download.schneider-electric.com/files?L=en\u0026p=\u0026p_docId=\u0026p_docId=\u0026p_Reference=SEVD%202013-023-01\u0026p_EnDocType=Technical%20paper\u0026p_File_Id=36555639\u0026p_File_Name=SEVD-2013-023-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-2761"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002148"
},
{
"db": "CNVD",
"id": "CNVD-2013-02812"
},
{
"db": "CNVD",
"id": "CNVD-2013-01138"
},
{
"db": "BID",
"id": "58950"
},
{
"db": "IVD",
"id": "03de9d4a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "8d5791de-1f35-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-62763"
},
{
"db": "PACKETSTORM",
"id": "120311"
}
],
"trust": 3.51
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-2761",
"trust": 3.6
},
{
"db": "SCHNEIDER",
"id": "SEVD-2013-023-01",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-201304-034",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2013-02812",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2013-01138",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "52189",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002148",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-13-077-01A",
"trust": 0.6
},
{
"db": "BID",
"id": "58950",
"trust": 0.4
},
{
"db": "IVD",
"id": "03DE9D4A-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "8D5791DE-1F35-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-62763",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "120311",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "03de9d4a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "8d5791de-1f35-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02812"
},
{
"db": "CNVD",
"id": "CNVD-2013-01138"
},
{
"db": "VULHUB",
"id": "VHN-62763"
},
{
"db": "BID",
"id": "58950"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002148"
},
{
"db": "PACKETSTORM",
"id": "120311"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-034"
},
{
"db": "NVD",
"id": "CVE-2013-2761"
}
]
},
"id": "VAR-201304-0399",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "03de9d4a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "8d5791de-1f35-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02812"
},
{
"db": "CNVD",
"id": "CNVD-2013-01138"
},
{
"db": "VULHUB",
"id": "VHN-62763"
}
],
"trust": 2.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.6
}
],
"sources": [
{
"db": "IVD",
"id": "03de9d4a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "8d5791de-1f35-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02812"
},
{
"db": "CNVD",
"id": "CNVD-2013-01138"
}
]
},
"last_update_date": "2024-11-23T21:51:40.436000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD 2013-023-01",
"trust": 0.8,
"url": "http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/"
},
{
"title": "Important Security Notification \u0026#8211; M340, Quantum. and Premium Ethernet communication modules",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_File_Id=36555639\u0026p_File_Name=SEVD-2013-023-01.pdf"
},
{
"title": "\u30b5\u30dd\u30fc\u30c8",
"trust": 0.8,
"url": "http://www.schneider-electric.co.jp/sites/japan/jp/support/contact/we-care.page"
},
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://www.schneider-electric.com/site/home/index.cfm/jp/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-002148"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-62763"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002148"
},
{
"db": "NVD",
"id": "CVE-2013-2761"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.schneider-electric.com/download/ww/en/details/35081317-vulnerability-disclosure-for-quantum-premium-and-m340/"
},
{
"trust": 1.6,
"url": "http://www.schneider-electric.com/download/ww/en/file/36555639-sevd-2013-023-01.pdf/?filename=sevd-2013-023-01.pdf\u0026reference=sevd-2013-023-01\u0026doctype=technical-paper"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2761"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2761"
},
{
"trust": 0.7,
"url": "http://secunia.com/advisories/52189/"
},
{
"trust": 0.6,
"url": "http://ics-cert.us-cert.gov/pdf/icsa-13-077-01a.pdf"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
},
{
"trust": 0.1,
"url": "http://www.schneider-electric.com/download/ww/en/file/36555639-sevd-2013-023-01.pdf/?filename=sevd-2013-023-01.pdf\u0026amp;reference=sevd-2013-023-01\u0026amp;doctype=technical-paper"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52189"
},
{
"trust": 0.1,
"url": "http://download.schneider-electric.com/files?l=en\u0026p=\u0026p_docid=\u0026p_docid=\u0026p_reference=sevd%202013-023-01\u0026p_endoctype=technical%20paper\u0026p_file_id=36555639\u0026p_file_name=sevd-2013-023-01.pdf"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/52189/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/blog/325/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02812"
},
{
"db": "CNVD",
"id": "CNVD-2013-01138"
},
{
"db": "VULHUB",
"id": "VHN-62763"
},
{
"db": "BID",
"id": "58950"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002148"
},
{
"db": "PACKETSTORM",
"id": "120311"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-034"
},
{
"db": "NVD",
"id": "CVE-2013-2761"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "03de9d4a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "8d5791de-1f35-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02812"
},
{
"db": "CNVD",
"id": "CNVD-2013-01138"
},
{
"db": "VULHUB",
"id": "VHN-62763"
},
{
"db": "BID",
"id": "58950"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002148"
},
{
"db": "PACKETSTORM",
"id": "120311"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-034"
},
{
"db": "NVD",
"id": "CVE-2013-2761"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-09T00:00:00",
"db": "IVD",
"id": "03de9d4a-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2013-02-21T00:00:00",
"db": "IVD",
"id": "8d5791de-1f35-11e6-abef-000c29c66e3d"
},
{
"date": "2013-04-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02812"
},
{
"date": "2013-02-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-01138"
},
{
"date": "2013-04-04T00:00:00",
"db": "VULHUB",
"id": "VHN-62763"
},
{
"date": "2013-01-23T00:00:00",
"db": "BID",
"id": "58950"
},
{
"date": "2013-04-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002148"
},
{
"date": "2013-02-14T01:37:18",
"db": "PACKETSTORM",
"id": "120311"
},
{
"date": "2013-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-034"
},
{
"date": "2013-04-04T11:58:49.837000",
"db": "NVD",
"id": "CVE-2013-2761"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02812"
},
{
"date": "2013-05-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-01138"
},
{
"date": "2013-04-04T00:00:00",
"db": "VULHUB",
"id": "VHN-62763"
},
{
"date": "2015-03-19T09:17:00",
"db": "BID",
"id": "58950"
},
{
"date": "2013-04-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002148"
},
{
"date": "2013-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-034"
},
{
"date": "2024-11-21T01:52:19.180000",
"db": "NVD",
"id": "CVE-2013-2761"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-034"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric M340 BMXNOE01xx/BMXP3420xx PLC Module Denial of Service Vulnerability",
"sources": [
{
"db": "IVD",
"id": "03de9d4a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02812"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-034"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "03de9d4a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-034"
}
],
"trust": 0.8
}
}
var-201910-0575
Vulnerability from variot
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the firmware with a missing web server image inside the package using FTP protocol. plural Modicon The product contains an exceptional condition handling vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The Modicon M580/M340/BMxCRA/140CRA are programmable logic controllers from Schneider Electric.
A denial of service vulnerability exists in the Schneider Electric Modicon M580/M340/BMxCRA/140CRA
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-0575",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon 140cra",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon bmxcra",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m580",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon 140cra",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon bmxcra",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon m340",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m580",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon bmxcra",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon 140cra",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m580",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m340",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon bmxcra",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon 140cra",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "6b038939-27b5-4818-95c7-4d2fbe09a504"
},
{
"db": "CNVD",
"id": "CNVD-2019-41497"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011439"
},
{
"db": "NVD",
"id": "CVE-2019-6842"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_140cra_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_bmxcra_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m340_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m580_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011439"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Jared Rittle of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-403"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6842",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2019-6842",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-41497",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "6b038939-27b5-4818-95c7-4d2fbe09a504",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.2,
"id": "CVE-2019-6842",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 4.9,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-6842",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6842",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-6842",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2019-41497",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-403",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "6b038939-27b5-4818-95c7-4d2fbe09a504",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "6b038939-27b5-4818-95c7-4d2fbe09a504"
},
{
"db": "CNVD",
"id": "CNVD-2019-41497"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011439"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-403"
},
{
"db": "NVD",
"id": "CVE-2019-6842"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the firmware with a missing web server image inside the package using FTP protocol. plural Modicon The product contains an exceptional condition handling vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The Modicon M580/M340/BMxCRA/140CRA are programmable logic controllers from Schneider Electric. \n\nA denial of service vulnerability exists in the Schneider Electric Modicon M580/M340/BMxCRA/140CRA",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6842"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011439"
},
{
"db": "CNVD",
"id": "CNVD-2019-41497"
},
{
"db": "IVD",
"id": "6b038939-27b5-4818-95c7-4d2fbe09a504"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6842",
"trust": 3.2
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-281-02",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2019-41497",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201910-403",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011439",
"trust": 0.8
},
{
"db": "TALOS",
"id": "TALOS-2019-0823",
"trust": 0.6
},
{
"db": "IVD",
"id": "6B038939-27B5-4818-95C7-4D2FBE09A504",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "6b038939-27b5-4818-95c7-4d2fbe09a504"
},
{
"db": "CNVD",
"id": "CNVD-2019-41497"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011439"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-403"
},
{
"db": "NVD",
"id": "CVE-2019-6842"
}
]
},
"id": "VAR-201910-0575",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "6b038939-27b5-4818-95c7-4d2fbe09a504"
},
{
"db": "CNVD",
"id": "CNVD-2019-41497"
}
],
"trust": 1.7978355000000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "6b038939-27b5-4818-95c7-4d2fbe09a504"
},
{
"db": "CNVD",
"id": "CNVD-2019-41497"
}
]
},
"last_update_date": "2024-11-23T21:36:37.635000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-281-02",
"trust": 0.8,
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02"
},
{
"title": "Patch for Schneider Electric Modicon M580/M340/BMxCRA/140CRA Denial of Service Vulnerability (CNVD-2019-41497)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/190773"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41497"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011439"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-755",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011439"
},
{
"db": "NVD",
"id": "CVE-2019-6842"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6842"
},
{
"trust": 1.6,
"url": "https://www.se.com/ww/en/download/document/sevd-2019-281-02/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6842"
},
{
"trust": 0.6,
"url": "https://www.schneider-electric.com/ww/en/download/document/sevd-2019-281-02"
},
{
"trust": 0.6,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0823"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41497"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011439"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-403"
},
{
"db": "NVD",
"id": "CVE-2019-6842"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "6b038939-27b5-4818-95c7-4d2fbe09a504"
},
{
"db": "CNVD",
"id": "CNVD-2019-41497"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011439"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-403"
},
{
"db": "NVD",
"id": "CVE-2019-6842"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-20T00:00:00",
"db": "IVD",
"id": "6b038939-27b5-4818-95c7-4d2fbe09a504"
},
{
"date": "2019-11-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41497"
},
{
"date": "2019-11-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011439"
},
{
"date": "2019-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-403"
},
{
"date": "2019-10-29T19:15:21.923000",
"db": "NVD",
"id": "CVE-2019-6842"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41497"
},
{
"date": "2019-11-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011439"
},
{
"date": "2021-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-403"
},
{
"date": "2024-11-21T04:47:15.700000",
"db": "NVD",
"id": "CVE-2019-6842"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-403"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Modicon Vulnerability in handling exceptional conditions in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011439"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "6b038939-27b5-4818-95c7-4d2fbe09a504"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-403"
}
],
"trust": 0.8
}
}
var-201905-1029
Vulnerability from variot
A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service or potential code execution by overwriting configuration settings of the controller over Modbus. plural Modicon The product contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M580 and other products are products of Schneider Electric (France). Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions.
Multiple Schneider Electric products have access control error vulnerabilities. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles. The following products and versions are affected: Schneider Electric Modicon M580 (all versions); Modicon M340 (all versions); Modicon Quantum (all versions); Modicon Premium (all versions)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-1029",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon premium",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon quantum",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m580",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon premium plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon quantum plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon m340",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m580",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon premium",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon quantum",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m580",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m340",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon quantum",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon premium",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "68cf334f-7b3b-4555-bee5-8d20c8febedb"
},
{
"db": "CNVD",
"id": "CNVD-2019-34610"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015474"
},
{
"db": "NVD",
"id": "CVE-2018-7847"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m340_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m580_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_premium_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_quantum_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015474"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Jared Rittle of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-920"
}
],
"trust": 0.6
},
"cve": "CVE-2018-7847",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-7847",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-34610",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "68cf334f-7b3b-4555-bee5-8d20c8febedb",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-137879",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-7847",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-7847",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7847",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-7847",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-34610",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-920",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "68cf334f-7b3b-4555-bee5-8d20c8febedb",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-137879",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-7847",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "68cf334f-7b3b-4555-bee5-8d20c8febedb"
},
{
"db": "CNVD",
"id": "CNVD-2019-34610"
},
{
"db": "VULHUB",
"id": "VHN-137879"
},
{
"db": "VULMON",
"id": "CVE-2018-7847"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015474"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-920"
},
{
"db": "NVD",
"id": "CVE-2018-7847"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service or potential code execution by overwriting configuration settings of the controller over Modbus. plural Modicon The product contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M580 and other products are products of Schneider Electric (France). Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. \n\nMultiple Schneider Electric products have access control error vulnerabilities. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles. The following products and versions are affected: Schneider Electric Modicon M580 (all versions); Modicon M340 (all versions); Modicon Quantum (all versions); Modicon Premium (all versions)",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7847"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015474"
},
{
"db": "CNVD",
"id": "CNVD-2019-34610"
},
{
"db": "IVD",
"id": "68cf334f-7b3b-4555-bee5-8d20c8febedb"
},
{
"db": "VULHUB",
"id": "VHN-137879"
},
{
"db": "VULMON",
"id": "CVE-2018-7847"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7847",
"trust": 3.4
},
{
"db": "TALOS",
"id": "TALOS-2018-0743",
"trust": 1.8
},
{
"db": "TALOS",
"id": "TALOS-2018-0742",
"trust": 1.8
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-134-11",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-920",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-34610",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015474",
"trust": 0.8
},
{
"db": "IVD",
"id": "68CF334F-7B3B-4555-BEE5-8D20C8FEBEDB",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-137879",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-7847",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "68cf334f-7b3b-4555-bee5-8d20c8febedb"
},
{
"db": "CNVD",
"id": "CNVD-2019-34610"
},
{
"db": "VULHUB",
"id": "VHN-137879"
},
{
"db": "VULMON",
"id": "CVE-2018-7847"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015474"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-920"
},
{
"db": "NVD",
"id": "CVE-2018-7847"
}
]
},
"id": "VAR-201905-1029",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "68cf334f-7b3b-4555-bee5-8d20c8febedb"
},
{
"db": "CNVD",
"id": "CNVD-2019-34610"
},
{
"db": "VULHUB",
"id": "VHN-137879"
}
],
"trust": 1.8935065
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "68cf334f-7b3b-4555-bee5-8d20c8febedb"
},
{
"db": "CNVD",
"id": "CNVD-2019-34610"
}
]
},
"last_update_date": "2024-11-23T21:52:12.781000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-134-11",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015474"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137879"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015474"
},
{
"db": "NVD",
"id": "CVE-2018-7847"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2018-0743"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7847"
},
{
"trust": 1.8,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-134-11/"
},
{
"trust": 1.8,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2018-0742"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7847"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2018-0743"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2018-0742"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34610"
},
{
"db": "VULHUB",
"id": "VHN-137879"
},
{
"db": "VULMON",
"id": "CVE-2018-7847"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015474"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-920"
},
{
"db": "NVD",
"id": "CVE-2018-7847"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "68cf334f-7b3b-4555-bee5-8d20c8febedb"
},
{
"db": "CNVD",
"id": "CNVD-2019-34610"
},
{
"db": "VULHUB",
"id": "VHN-137879"
},
{
"db": "VULMON",
"id": "CVE-2018-7847"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015474"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-920"
},
{
"db": "NVD",
"id": "CVE-2018-7847"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-11T00:00:00",
"db": "IVD",
"id": "68cf334f-7b3b-4555-bee5-8d20c8febedb"
},
{
"date": "2019-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34610"
},
{
"date": "2019-05-22T00:00:00",
"db": "VULHUB",
"id": "VHN-137879"
},
{
"date": "2019-05-22T00:00:00",
"db": "VULMON",
"id": "CVE-2018-7847"
},
{
"date": "2019-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015474"
},
{
"date": "2019-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-920"
},
{
"date": "2019-05-22T20:29:01.697000",
"db": "NVD",
"id": "CVE-2018-7847"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34610"
},
{
"date": "2019-06-10T00:00:00",
"db": "VULHUB",
"id": "VHN-137879"
},
{
"date": "2022-02-03T00:00:00",
"db": "VULMON",
"id": "CVE-2018-7847"
},
{
"date": "2019-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015474"
},
{
"date": "2022-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-920"
},
{
"date": "2024-11-21T04:12:52.250000",
"db": "NVD",
"id": "CVE-2018-7847"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-920"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Modicon Access control vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015474"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-920"
}
],
"trust": 0.6
}
}
var-201905-1027
Vulnerability from variot
A CWE-125: Out-of-bounds Read vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of unexpected data from the controller when reading specific memory blocks in the controller over Modbus. plural Modicon The product contains an out-of-bounds vulnerability.Information may be obtained. Schneider Electric Modicon M580 and other products are products of Schneider Electric (France). Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions.
Multiple Schneider Electric products have buffer overflow vulnerabilities that could be exploited by an attacker to cause a buffer overflow or heap overflow. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. The following products and versions are affected: Schneider Electric Modicon M580 (all versions); Modicon M340 (all versions); Modicon Quantum (all versions); Modicon Premium (all versions)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-1027",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon premium",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon quantum",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m580",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon premium plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon quantum plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon m340",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m580",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon premium",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon quantum",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m580",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m340",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon quantum",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon premium",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "292a6af5-a48a-4485-a9c5-805cc5bd52e0"
},
{
"db": "CNVD",
"id": "CNVD-2019-34829"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015478"
},
{
"db": "NVD",
"id": "CVE-2018-7845"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m340_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m580_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_premium_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_quantum_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015478"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Jared Rittle of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-918"
}
],
"trust": 0.6
},
"cve": "CVE-2018-7845",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-7845",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-34829",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "292a6af5-a48a-4485-a9c5-805cc5bd52e0",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-137877",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-7845",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-7845",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7845",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-7845",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-34829",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-918",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "292a6af5-a48a-4485-a9c5-805cc5bd52e0",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-137877",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-7845",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "292a6af5-a48a-4485-a9c5-805cc5bd52e0"
},
{
"db": "CNVD",
"id": "CNVD-2019-34829"
},
{
"db": "VULHUB",
"id": "VHN-137877"
},
{
"db": "VULMON",
"id": "CVE-2018-7845"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015478"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-918"
},
{
"db": "NVD",
"id": "CVE-2018-7845"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-125: Out-of-bounds Read vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of unexpected data from the controller when reading specific memory blocks in the controller over Modbus. plural Modicon The product contains an out-of-bounds vulnerability.Information may be obtained. Schneider Electric Modicon M580 and other products are products of Schneider Electric (France). Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. \n\nMultiple Schneider Electric products have buffer overflow vulnerabilities that could be exploited by an attacker to cause a buffer overflow or heap overflow. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. The following products and versions are affected: Schneider Electric Modicon M580 (all versions); Modicon M340 (all versions); Modicon Quantum (all versions); Modicon Premium (all versions)",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7845"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015478"
},
{
"db": "CNVD",
"id": "CNVD-2019-34829"
},
{
"db": "IVD",
"id": "292a6af5-a48a-4485-a9c5-805cc5bd52e0"
},
{
"db": "VULHUB",
"id": "VHN-137877"
},
{
"db": "VULMON",
"id": "CVE-2018-7845"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7845",
"trust": 3.4
},
{
"db": "TALOS",
"id": "TALOS-2018-0745",
"trust": 1.8
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-134-11",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-918",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-34829",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015478",
"trust": 0.8
},
{
"db": "IVD",
"id": "292A6AF5-A48A-4485-A9C5-805CC5BD52E0",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-137877",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-7845",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "292a6af5-a48a-4485-a9c5-805cc5bd52e0"
},
{
"db": "CNVD",
"id": "CNVD-2019-34829"
},
{
"db": "VULHUB",
"id": "VHN-137877"
},
{
"db": "VULMON",
"id": "CVE-2018-7845"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015478"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-918"
},
{
"db": "NVD",
"id": "CVE-2018-7845"
}
]
},
"id": "VAR-201905-1027",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "292a6af5-a48a-4485-a9c5-805cc5bd52e0"
},
{
"db": "CNVD",
"id": "CNVD-2019-34829"
},
{
"db": "VULHUB",
"id": "VHN-137877"
}
],
"trust": 1.8935065
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "292a6af5-a48a-4485-a9c5-805cc5bd52e0"
},
{
"db": "CNVD",
"id": "CNVD-2019-34829"
}
]
},
"last_update_date": "2024-11-23T21:52:16.470000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-134-11",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/yanissec/CVE-2018-7845 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-7845"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015478"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137877"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015478"
},
{
"db": "NVD",
"id": "CVE-2018-7845"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7845"
},
{
"trust": 1.8,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-134-11/"
},
{
"trust": 1.8,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2018-0745"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7845"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2018-0745"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"trust": 0.1,
"url": "https://github.com/yanissec/cve-2018-7845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34829"
},
{
"db": "VULHUB",
"id": "VHN-137877"
},
{
"db": "VULMON",
"id": "CVE-2018-7845"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015478"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-918"
},
{
"db": "NVD",
"id": "CVE-2018-7845"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "292a6af5-a48a-4485-a9c5-805cc5bd52e0"
},
{
"db": "CNVD",
"id": "CNVD-2019-34829"
},
{
"db": "VULHUB",
"id": "VHN-137877"
},
{
"db": "VULMON",
"id": "CVE-2018-7845"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015478"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-918"
},
{
"db": "NVD",
"id": "CVE-2018-7845"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-12T00:00:00",
"db": "IVD",
"id": "292a6af5-a48a-4485-a9c5-805cc5bd52e0"
},
{
"date": "2019-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34829"
},
{
"date": "2019-05-22T00:00:00",
"db": "VULHUB",
"id": "VHN-137877"
},
{
"date": "2019-05-22T00:00:00",
"db": "VULMON",
"id": "CVE-2018-7845"
},
{
"date": "2019-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015478"
},
{
"date": "2019-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-918"
},
{
"date": "2019-05-22T20:29:01.620000",
"db": "NVD",
"id": "CVE-2018-7845"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34829"
},
{
"date": "2019-06-10T00:00:00",
"db": "VULHUB",
"id": "VHN-137877"
},
{
"date": "2022-02-03T00:00:00",
"db": "VULMON",
"id": "CVE-2018-7845"
},
{
"date": "2019-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015478"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-918"
},
{
"date": "2024-11-21T04:12:52.027000",
"db": "NVD",
"id": "CVE-2018-7845"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-918"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Modicon Product out-of-bounds vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015478"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "292a6af5-a48a-4485-a9c5-805cc5bd52e0"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-918"
}
],
"trust": 0.8
}
}
var-201910-0578
Vulnerability from variot
A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information when transferring applications to the controller using Modbus TCP protocol. plural Modicon The product contains a vulnerability related to clear transmission of important information.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-0578",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tsxmcpc512k",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxmrpc768k",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxmrpc003m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxmrpf008m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxmfpp384k",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxmcpc002m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxmrpc01m7",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxmfp0128p2",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxmrpp384k",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxmrpc002m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxmfp064p2",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxmfpp512k",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxmfpp004m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m580",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxmrpc448k",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxmfpp224k",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxmfpp001m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxmrpc007m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxmrpf004m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxmfpp002m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxmrpc001m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxmrpp224k",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxmcpc002m",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxmcpc512k",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxmfpp001m",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxmfpp002m",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxmfpp004m",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxmfpp512k",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxmrpc001m",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxmrpc002m",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011481"
},
{
"db": "NVD",
"id": "CVE-2019-6845"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmcpc002m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmcpc002m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmcpc002m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmcpc002m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmcpc512k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmcpc512k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmcpc512k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmcpc512k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfpp001m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfpp001m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfpp001m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfpp001m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfpp002m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfpp002m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfpp002m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfpp002m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfpp004m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfpp004m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfpp004m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfpp004m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfpp512k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfpp512k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfpp512k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfpp512k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc001m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc001m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc001m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc001m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc002m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc002m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc002m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc002m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc003m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc003m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc003m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc003m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc007m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc007m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc007m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc007m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc01m7_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc01m7:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc01m7_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc01m7:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc768k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc768k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc768k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc768k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpf004m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpf004m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpf004m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpf004m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpf008m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpf008m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpf008m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpf008m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmcpc002m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmcpc002m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmcpc002m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmcpc002m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmcpc512k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmcpc512k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmcpc512k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmcpc512k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfp0128p2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfp0128p2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfp0128p2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfp0128p2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfp064p2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfp064p2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfp064p2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfp064p2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfpp001m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfpp001m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfpp001m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfpp001m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfpp002m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfpp002m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfpp002m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfpp002m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfpp004m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfpp004m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfpp004m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfpp004m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfpp224k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfpp224k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfpp224k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfpp224k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfpp384k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfpp384k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfpp384k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfpp384k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfpp512k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfpp512k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmfpp512k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmfpp512k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc001m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc001m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc001m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc001m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc002m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc002m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc002m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc002m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc003m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc003m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc003m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc003m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc007m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc007m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc007m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc007m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc01m7_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc01m7:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc01m7_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc01m7:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc448k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc448k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc448k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc448k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc768k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc768k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpc768k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpc768k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpf004m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpf004m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpf004m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpf004m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpf008m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpf008m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpf008m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpf008m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpp224k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpp224k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpp224k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpp224k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpp384k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpp384k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:tsxmrpp384k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxmrpp384k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6845"
}
]
},
"cve": "CVE-2019-6845",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-6845",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 1.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-6845",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-6845",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-6845",
"trust": 1.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-1705",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011481"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1705"
},
{
"db": "NVD",
"id": "CVE-2019-6845"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information when transferring applications to the controller using Modbus TCP protocol. plural Modicon The product contains a vulnerability related to clear transmission of important information.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6845"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011481"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6845",
"trust": 2.4
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-281-03",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011481",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1705",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011481"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1705"
},
{
"db": "NVD",
"id": "CVE-2019-6845"
}
]
},
"id": "VAR-201910-0578",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.634316675
},
"last_update_date": "2022-05-04T08:53:20.771000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-281-03",
"trust": 0.8,
"url": "https://www.schneider-electric.com/ww/en/download/document/sevd-2019-281-03"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011481"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011481"
},
{
"db": "NVD",
"id": "CVE-2019-6845"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://www.schneider-electric.com/ww/en/download/document/sevd-2019-281-03"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6845"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6845"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011481"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1705"
},
{
"db": "NVD",
"id": "CVE-2019-6845"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011481"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1705"
},
{
"db": "NVD",
"id": "CVE-2019-6845"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011481"
},
{
"date": "2019-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1705"
},
{
"date": "2019-10-29T19:15:00",
"db": "NVD",
"id": "CVE-2019-6845"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011481"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1705"
},
{
"date": "2022-02-03T16:08:00",
"db": "NVD",
"id": "CVE-2019-6845"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1705"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Modicon Vulnerability related to clear transmission of important information in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011481"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1705"
}
],
"trust": 0.6
}
}
var-201905-1032
Vulnerability from variot
A CWE-807: Reliance on Untrusted Inputs in a Security Decision vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause invalid information displayed in Unity Pro software. plural Modicon The product contains an input validation vulnerability.Information may be obtained. Schneider Electric Modicon M580 and other products are products of Schneider Electric (France). Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions.
Several Schneider Electric products have input validation error vulnerabilities. An attacker could use this vulnerability to display invalid information. The following products and versions are affected: Schneider Electric Modicon M580 (all versions), Modicon M340 (all versions), Modicon Quantum (all versions), Modicon Premium (all versions)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-1032",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon premium",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon quantum",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m580",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon premium plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon quantum plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon m340",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m580",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon premium",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon quantum",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m580",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m340",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon quantum",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon premium",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "196b5312-6da9-464b-9c10-51d6fda55541"
},
{
"db": "CNVD",
"id": "CNVD-2019-34611"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015471"
},
{
"db": "NVD",
"id": "CVE-2018-7850"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m340_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m580_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_premium_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_quantum_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015471"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Jared Rittle of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-923"
}
],
"trust": 0.6
},
"cve": "CVE-2018-7850",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-7850",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-34611",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "196b5312-6da9-464b-9c10-51d6fda55541",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-137882",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2018-7850",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-7850",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7850",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-7850",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2019-34611",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-923",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "196b5312-6da9-464b-9c10-51d6fda55541",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-137882",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "196b5312-6da9-464b-9c10-51d6fda55541"
},
{
"db": "CNVD",
"id": "CNVD-2019-34611"
},
{
"db": "VULHUB",
"id": "VHN-137882"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015471"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-923"
},
{
"db": "NVD",
"id": "CVE-2018-7850"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-807: Reliance on Untrusted Inputs in a Security Decision vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause invalid information displayed in Unity Pro software. plural Modicon The product contains an input validation vulnerability.Information may be obtained. Schneider Electric Modicon M580 and other products are products of Schneider Electric (France). Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. \n\nSeveral Schneider Electric products have input validation error vulnerabilities. An attacker could use this vulnerability to display invalid information. The following products and versions are affected: Schneider Electric Modicon M580 (all versions), Modicon M340 (all versions), Modicon Quantum (all versions), Modicon Premium (all versions)",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7850"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015471"
},
{
"db": "CNVD",
"id": "CNVD-2019-34611"
},
{
"db": "IVD",
"id": "196b5312-6da9-464b-9c10-51d6fda55541"
},
{
"db": "VULHUB",
"id": "VHN-137882"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7850",
"trust": 3.3
},
{
"db": "TALOS",
"id": "TALOS-2018-0743",
"trust": 1.7
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-134-11",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201905-923",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-34611",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015471",
"trust": 0.8
},
{
"db": "IVD",
"id": "196B5312-6DA9-464B-9C10-51D6FDA55541",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-137882",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "196b5312-6da9-464b-9c10-51d6fda55541"
},
{
"db": "CNVD",
"id": "CNVD-2019-34611"
},
{
"db": "VULHUB",
"id": "VHN-137882"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015471"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-923"
},
{
"db": "NVD",
"id": "CVE-2018-7850"
}
]
},
"id": "VAR-201905-1032",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "196b5312-6da9-464b-9c10-51d6fda55541"
},
{
"db": "CNVD",
"id": "CNVD-2019-34611"
},
{
"db": "VULHUB",
"id": "VHN-137882"
}
],
"trust": 1.8935065
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "196b5312-6da9-464b-9c10-51d6fda55541"
},
{
"db": "CNVD",
"id": "CNVD-2019-34611"
}
]
},
"last_update_date": "2024-11-23T21:52:12.525000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-134-11",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015471"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137882"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015471"
},
{
"db": "NVD",
"id": "CVE-2018-7850"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7850"
},
{
"trust": 1.7,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-134-11/"
},
{
"trust": 1.7,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2018-0743"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7850"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2018-0743"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34611"
},
{
"db": "VULHUB",
"id": "VHN-137882"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015471"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-923"
},
{
"db": "NVD",
"id": "CVE-2018-7850"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "196b5312-6da9-464b-9c10-51d6fda55541"
},
{
"db": "CNVD",
"id": "CNVD-2019-34611"
},
{
"db": "VULHUB",
"id": "VHN-137882"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015471"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-923"
},
{
"db": "NVD",
"id": "CVE-2018-7850"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-11T00:00:00",
"db": "IVD",
"id": "196b5312-6da9-464b-9c10-51d6fda55541"
},
{
"date": "2019-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34611"
},
{
"date": "2019-05-22T00:00:00",
"db": "VULHUB",
"id": "VHN-137882"
},
{
"date": "2019-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015471"
},
{
"date": "2019-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-923"
},
{
"date": "2019-05-22T20:29:01.823000",
"db": "NVD",
"id": "CVE-2018-7850"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34611"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-137882"
},
{
"date": "2019-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015471"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-923"
},
{
"date": "2024-11-21T04:12:52.597000",
"db": "NVD",
"id": "CVE-2018-7850"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-923"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Modicon Vulnerability related to input validation in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015471"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation error",
"sources": [
{
"db": "IVD",
"id": "196b5312-6da9-464b-9c10-51d6fda55541"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-923"
}
],
"trust": 0.8
}
}
var-201804-1268
Vulnerability from variot
Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. plural Schneider Electric The product contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Schneider Electric Modicon Premium\Modicon Quantum\Modicon M340\Modicon BMXNOR0200 is a programmable controller product from Schneider Electric, France. A number of Schneider Electric products have a hard-coded certificate vulnerability that stems from the fact that the FTP server contains a hard-coded account that allows an attacker to exploit the vulnerability to perform unauthorized access. Multiple Schneider Electric Modicon products are prone to a remote security vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. The vulnerability stems from the presence of hard-coded accounts in the program
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-1268",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tsxp57554m",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5724m",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp573634mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57354mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp574634mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5744mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp575634mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57454mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57554mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp576634mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57154m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57254mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342000",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57204mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57254m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp575634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu31110",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65160",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57104mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp341000h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65860c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57454m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp571634mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp573634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57104m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57304m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57304mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65260",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65150c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57354m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65160s",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65160c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5744m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57154mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342020h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp571634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65260c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65860",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302cl",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnor0200",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnor0200h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu43412uc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu43412u",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp574634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5724mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp341000",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp572634mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65150",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420102cl",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57204m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp572634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420102",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu31110c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp576634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnor0200",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 pac",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon premium plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon quantum plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon premium",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon quantum",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m340",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon rtu",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "x80"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "140cpu65160c",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "tsxh5724m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "tsxh5744mc",
"version": null
},
{
"model": "modicon quantum",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "modicon premium",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "modicon m340",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "modicon bmxnor0200",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnor0200",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65150c",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu31110c",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu43412uc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65260c",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65860c",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp341000",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp342000",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420102",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnor0200h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420102cl",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp342020",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420302",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420302cl",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420302h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp342020h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp341000h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxh5744m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57104m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65150",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57154m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp571634m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57204m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57254m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp572634m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57304m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57354m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp573634m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57454m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp574634m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu31110",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp575634m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp576634m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxh5724mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57104mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57154mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp571634mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57204mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57254mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp572634mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu43412u",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57304mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57354mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp573634mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57454mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp574634mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57554mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp575634mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp576634mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65160",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57554m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65260",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65860",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65160s",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "e2e9e141-39ab-11e9-89d4-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06520"
},
{
"db": "BID",
"id": "103542"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004278"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-999"
},
{
"db": "NVD",
"id": "CVE-2018-7241"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:schneider_electric:bmxnor0200",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:modicon_m340",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:modicon_premium",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:modicon_quantum_plc",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004278"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nikita Maximov (Positive Technologies)",
"sources": [
{
"db": "BID",
"id": "103542"
}
],
"trust": 0.3
},
"cve": "CVE-2018-7241",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-7241",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "CNVD-2018-06520",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "e2e9e141-39ab-11e9-89d4-000c29342cb1",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-137273",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-7241",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7241",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-7241",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2018-06520",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-999",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2e9e141-39ab-11e9-89d4-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-137273",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-7241",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e9e141-39ab-11e9-89d4-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06520"
},
{
"db": "VULHUB",
"id": "VHN-137273"
},
{
"db": "VULMON",
"id": "CVE-2018-7241"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004278"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-999"
},
{
"db": "NVD",
"id": "CVE-2018-7241"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hard coded accounts exist in Schneider Electric\u0027s Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. plural Schneider Electric The product contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Schneider Electric Modicon Premium\\\\Modicon Quantum\\\\Modicon M340\\\\Modicon BMXNOR0200 is a programmable controller product from Schneider Electric, France. A number of Schneider Electric products have a hard-coded certificate vulnerability that stems from the fact that the FTP server contains a hard-coded account that allows an attacker to exploit the vulnerability to perform unauthorized access. Multiple Schneider Electric Modicon products are prone to a remote security vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. The vulnerability stems from the presence of hard-coded accounts in the program",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7241"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004278"
},
{
"db": "CNVD",
"id": "CNVD-2018-06520"
},
{
"db": "BID",
"id": "103542"
},
{
"db": "IVD",
"id": "e2e9e141-39ab-11e9-89d4-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-137273"
},
{
"db": "VULMON",
"id": "CVE-2018-7241"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7241",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-18-086-01",
"trust": 3.5
},
{
"db": "SCHNEIDER",
"id": "SEVD-2018-081-01",
"trust": 2.1
},
{
"db": "BID",
"id": "103542",
"trust": 1.5
},
{
"db": "CNNVD",
"id": "CNNVD-201803-999",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-06520",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004278",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "39226",
"trust": 0.6
},
{
"db": "IVD",
"id": "E2E9E141-39AB-11E9-89D4-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-137273",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-7241",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2e9e141-39ab-11e9-89d4-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06520"
},
{
"db": "VULHUB",
"id": "VHN-137273"
},
{
"db": "VULMON",
"id": "CVE-2018-7241"
},
{
"db": "BID",
"id": "103542"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004278"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-999"
},
{
"db": "NVD",
"id": "CVE-2018-7241"
}
]
},
"id": "VAR-201804-1268",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e9e141-39ab-11e9-89d4-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06520"
},
{
"db": "VULHUB",
"id": "VHN-137273"
}
],
"trust": 1.7565656666666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2e9e141-39ab-11e9-89d4-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06520"
}
]
},
"last_update_date": "2024-11-23T22:45:23.704000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Notification - Embedded FTP Servers for Modicon",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/"
},
{
"title": "Multiple Schneider Electric Product Buffer Error Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79469"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004278"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-999"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137273"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004278"
},
{
"db": "NVD",
"id": "CVE-2018-7241"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-086-01"
},
{
"trust": 2.1,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2018-081-01/"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/103542"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7241"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7241"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/39226"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06520"
},
{
"db": "VULHUB",
"id": "VHN-137273"
},
{
"db": "VULMON",
"id": "CVE-2018-7241"
},
{
"db": "BID",
"id": "103542"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004278"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-999"
},
{
"db": "NVD",
"id": "CVE-2018-7241"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e9e141-39ab-11e9-89d4-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06520"
},
{
"db": "VULHUB",
"id": "VHN-137273"
},
{
"db": "VULMON",
"id": "CVE-2018-7241"
},
{
"db": "BID",
"id": "103542"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004278"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-999"
},
{
"db": "NVD",
"id": "CVE-2018-7241"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-28T00:00:00",
"db": "IVD",
"id": "e2e9e141-39ab-11e9-89d4-000c29342cb1"
},
{
"date": "2018-03-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06520"
},
{
"date": "2018-04-18T00:00:00",
"db": "VULHUB",
"id": "VHN-137273"
},
{
"date": "2018-04-18T00:00:00",
"db": "VULMON",
"id": "CVE-2018-7241"
},
{
"date": "2018-03-22T00:00:00",
"db": "BID",
"id": "103542"
},
{
"date": "2018-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004278"
},
{
"date": "2018-03-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-999"
},
{
"date": "2018-04-18T20:29:00.327000",
"db": "NVD",
"id": "CVE-2018-7241"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06520"
},
{
"date": "2018-12-05T00:00:00",
"db": "VULHUB",
"id": "VHN-137273"
},
{
"date": "2018-12-05T00:00:00",
"db": "VULMON",
"id": "CVE-2018-7241"
},
{
"date": "2018-03-22T00:00:00",
"db": "BID",
"id": "103542"
},
{
"date": "2018-07-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004278"
},
{
"date": "2018-05-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-999"
},
{
"date": "2024-11-21T04:11:51.557000",
"db": "NVD",
"id": "CVE-2018-7241"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-999"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Schneider Electric Vulnerabilities related to the use of hard-coded credentials in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004278"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-999"
}
],
"trust": 0.6
}
}
var-201910-0577
Vulnerability from variot
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service atack on the PLC when upgrading the controller with a firmware package containing an invalid web server image using FTP protocol. plural Modicon The product contains an exceptional condition handling vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The Modicon M580/M340/BMxCRA/140CRA are programmable logic controllers from Schneider Electric.
A denial of service vulnerability exists in the Schneider Electric Modicon M580/M340/BMxCRA/140CRA
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-0577",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon 140cra",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon bmxcra",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m580",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon 140cra",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon bmxcra",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon m340",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m580",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon bmxcra",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon 140cra",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m580",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m340",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon bmxcra",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon 140cra",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "cfd6314c-082a-422c-9dc3-ee3e10eb3129"
},
{
"db": "CNVD",
"id": "CNVD-2019-41495"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011435"
},
{
"db": "NVD",
"id": "CVE-2019-6844"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_140cra_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_bmxcra_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m340_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m580_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011435"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Jared Rittle of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-426"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6844",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2019-6844",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-41495",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "cfd6314c-082a-422c-9dc3-ee3e10eb3129",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.2,
"id": "CVE-2019-6844",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 4.9,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-6844",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6844",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-6844",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2019-41495",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-426",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "cfd6314c-082a-422c-9dc3-ee3e10eb3129",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "cfd6314c-082a-422c-9dc3-ee3e10eb3129"
},
{
"db": "CNVD",
"id": "CNVD-2019-41495"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011435"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-426"
},
{
"db": "NVD",
"id": "CVE-2019-6844"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service atack on the PLC when upgrading the controller with a firmware package containing an invalid web server image using FTP protocol. plural Modicon The product contains an exceptional condition handling vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The Modicon M580/M340/BMxCRA/140CRA are programmable logic controllers from Schneider Electric. \n\nA denial of service vulnerability exists in the Schneider Electric Modicon M580/M340/BMxCRA/140CRA",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6844"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011435"
},
{
"db": "CNVD",
"id": "CNVD-2019-41495"
},
{
"db": "IVD",
"id": "cfd6314c-082a-422c-9dc3-ee3e10eb3129"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6844",
"trust": 3.2
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-281-02",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2019-41495",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201910-426",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011435",
"trust": 0.8
},
{
"db": "TALOS",
"id": "TALOS-2019-0825",
"trust": 0.6
},
{
"db": "IVD",
"id": "CFD6314C-082A-422C-9DC3-EE3E10EB3129",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "cfd6314c-082a-422c-9dc3-ee3e10eb3129"
},
{
"db": "CNVD",
"id": "CNVD-2019-41495"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011435"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-426"
},
{
"db": "NVD",
"id": "CVE-2019-6844"
}
]
},
"id": "VAR-201910-0577",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "cfd6314c-082a-422c-9dc3-ee3e10eb3129"
},
{
"db": "CNVD",
"id": "CNVD-2019-41495"
}
],
"trust": 1.7978355000000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "cfd6314c-082a-422c-9dc3-ee3e10eb3129"
},
{
"db": "CNVD",
"id": "CNVD-2019-41495"
}
]
},
"last_update_date": "2024-11-23T21:36:37.696000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-281-02",
"trust": 0.8,
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02"
},
{
"title": "Patch for Schneider Electric Modicon M580/M340/BMxCRA/140CRA Denial of Service Vulnerability (CNVD-2019-41495)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/190775"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41495"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011435"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-755",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011435"
},
{
"db": "NVD",
"id": "CVE-2019-6844"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6844"
},
{
"trust": 1.6,
"url": "https://www.se.com/ww/en/download/document/sevd-2019-281-02/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6844"
},
{
"trust": 0.6,
"url": "https://www.schneider-electric.com/ww/en/download/document/sevd-2019-281-02"
},
{
"trust": 0.6,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0825"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41495"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011435"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-426"
},
{
"db": "NVD",
"id": "CVE-2019-6844"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "cfd6314c-082a-422c-9dc3-ee3e10eb3129"
},
{
"db": "CNVD",
"id": "CNVD-2019-41495"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011435"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-426"
},
{
"db": "NVD",
"id": "CVE-2019-6844"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-20T00:00:00",
"db": "IVD",
"id": "cfd6314c-082a-422c-9dc3-ee3e10eb3129"
},
{
"date": "2019-11-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41495"
},
{
"date": "2019-11-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011435"
},
{
"date": "2019-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-426"
},
{
"date": "2019-10-29T19:15:22.047000",
"db": "NVD",
"id": "CVE-2019-6844"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41495"
},
{
"date": "2019-11-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011435"
},
{
"date": "2021-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-426"
},
{
"date": "2024-11-21T04:47:15.937000",
"db": "NVD",
"id": "CVE-2019-6844"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-426"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Modicon Vulnerability in handling exceptional conditions in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011435"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "cfd6314c-082a-422c-9dc3-ee3e10eb3129"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-426"
}
],
"trust": 0.8
}
}
var-201909-0044
Vulnerability from variot
A CWE-248: Uncaught Exception vulnerability exists Modicon M580 (firmware version prior to V2.90), Modicon M340 (firmware version prior to V3.10), Modicon Premium (all versions), and Modicon Quantum (all versions), which could cause a possible denial of service when reading specific coils and registers in the controller over Modbus. plural Modicon The product contains an exceptional condition handling vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M580, etc. are all products of French Schneider Electric (Schneider Electric). The Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. A security vulnerability exists in several Schneider Electric products. An attacker could exploit this vulnerability to cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201909-0044",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon m340",
"scope": "lt",
"trust": 1.8,
"vendor": "schneider electric",
"version": "3.10"
},
{
"model": "modicon m580",
"scope": "lt",
"trust": 1.8,
"vendor": "schneider electric",
"version": "2.90"
},
{
"model": "modicon quantum",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon premium",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon premium plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon quantum plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009442"
},
{
"db": "NVD",
"id": "CVE-2019-6828"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m340_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m580_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_premium_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_quantum_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009442"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Jared Rittle of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-936"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6828",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-6828",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-158263",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-6828",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-6828",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6828",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-6828",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-936",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-158263",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158263"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009442"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-936"
},
{
"db": "NVD",
"id": "CVE-2019-6828"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-248: Uncaught Exception vulnerability exists Modicon M580 (firmware version prior to V2.90), Modicon M340 (firmware version prior to V3.10), Modicon Premium (all versions), and Modicon Quantum (all versions), which could cause a possible denial of service when reading specific coils and registers in the controller over Modbus. plural Modicon The product contains an exceptional condition handling vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M580, etc. are all products of French Schneider Electric (Schneider Electric). The Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. A security vulnerability exists in several Schneider Electric products. An attacker could exploit this vulnerability to cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6828"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009442"
},
{
"db": "VULHUB",
"id": "VHN-158263"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6828",
"trust": 2.5
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-134-11",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009442",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201908-936",
"trust": 0.7
},
{
"db": "TALOS",
"id": "TALOS-2019-0806",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-158263",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158263"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009442"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-936"
},
{
"db": "NVD",
"id": "CVE-2019-6828"
}
]
},
"id": "VAR-201909-0044",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-158263"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:52:16.529000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-134-11",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009442"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-755",
"trust": 1.9
},
{
"problemtype": "CWE-248",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158263"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009442"
},
{
"db": "NVD",
"id": "CVE-2019-6828"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-134-11/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6828"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6828"
},
{
"trust": 0.6,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0806"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158263"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009442"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-936"
},
{
"db": "NVD",
"id": "CVE-2019-6828"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-158263"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009442"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-936"
},
{
"db": "NVD",
"id": "CVE-2019-6828"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-17T00:00:00",
"db": "VULHUB",
"id": "VHN-158263"
},
{
"date": "2019-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009442"
},
{
"date": "2019-08-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-936"
},
{
"date": "2019-09-17T20:15:12.140000",
"db": "NVD",
"id": "CVE-2019-6828"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-158263"
},
{
"date": "2019-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009442"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-936"
},
{
"date": "2024-11-21T04:47:14.033000",
"db": "NVD",
"id": "CVE-2019-6828"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-936"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Modicon Vulnerability in handling exceptional conditions in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009442"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-936"
}
],
"trust": 0.6
}
}
var-201905-1033
Vulnerability from variot
CWE-119: Buffer errors vulnerability exists in Modicon M580 with firmware prior to V2.50, Modicon M340 with firmware prior to V3.01, BMxCRA312xx with firmware prior to V2.40, All firmware versions of Modicon Premium and 140CRA312xxx when sending a specially crafted Modbus packet, which could cause a denial of service to the device that would force a restart to restore availability. plural Modicon The product contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M580 and others are products of Schneider Electric, France. The Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon M340 is a medium-range PLC (Programmable Logic Controller) for industrial processes and infrastructure. A buffer overflow vulnerability exists in several Schneider Electric products that can be exploited by an attacker to cause a buffer overflow or heap overflow. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-1033",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "m580",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.50"
},
{
"model": "modicon premium",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "bmx\\/e cra",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.40"
},
{
"model": "140cra312xxx",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "m340",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.01"
},
{
"model": "140cra312xxx",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxcra312xx",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2.40"
},
{
"model": "modicon m340",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "3.01"
},
{
"model": "modicon m580",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2.50"
},
{
"model": "modicon premium plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon premium",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric 140cra312xxx",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m580",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "v2.50"
},
{
"model": "electric bmxcra312xx",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "v2.40"
},
{
"model": "electric modicon m340",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "v3.01"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "m580",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "m340",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmx e cra",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon premium",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cra312xxx",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "7f337d34-58c3-4e10-a083-c50e708af9ed"
},
{
"db": "CNVD",
"id": "CNVD-2019-15197"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015472"
},
{
"db": "NVD",
"id": "CVE-2018-7851"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:140cra312xxx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:bmx%2fe_cra_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m340_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m580_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_premium_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015472"
}
]
},
"cve": "CVE-2018-7851",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2018-7851",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-15197",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "7f337d34-58c3-4e10-a083-c50e708af9ed",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-137883",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2018-7851",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-7851",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7851",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-7851",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2019-15197",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-924",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7f337d34-58c3-4e10-a083-c50e708af9ed",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-137883",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7f337d34-58c3-4e10-a083-c50e708af9ed"
},
{
"db": "CNVD",
"id": "CNVD-2019-15197"
},
{
"db": "VULHUB",
"id": "VHN-137883"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015472"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-924"
},
{
"db": "NVD",
"id": "CVE-2018-7851"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CWE-119: Buffer errors vulnerability exists in Modicon M580 with firmware prior to V2.50, Modicon M340 with firmware prior to V3.01, BMxCRA312xx with firmware prior to V2.40, All firmware versions of Modicon Premium and 140CRA312xxx when sending a specially crafted Modbus packet, which could cause a denial of service to the device that would force a restart to restore availability. plural Modicon The product contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M580 and others are products of Schneider Electric, France. The Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon M340 is a medium-range PLC (Programmable Logic Controller) for industrial processes and infrastructure. A buffer overflow vulnerability exists in several Schneider Electric products that can be exploited by an attacker to cause a buffer overflow or heap overflow. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7851"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015472"
},
{
"db": "CNVD",
"id": "CNVD-2019-15197"
},
{
"db": "IVD",
"id": "7f337d34-58c3-4e10-a083-c50e708af9ed"
},
{
"db": "VULHUB",
"id": "VHN-137883"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7851",
"trust": 3.3
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-134-10",
"trust": 2.3
},
{
"db": "CNNVD",
"id": "CNNVD-201905-924",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-15197",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015472",
"trust": 0.8
},
{
"db": "IVD",
"id": "7F337D34-58C3-4E10-A083-C50E708AF9ED",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-137883",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7f337d34-58c3-4e10-a083-c50e708af9ed"
},
{
"db": "CNVD",
"id": "CNVD-2019-15197"
},
{
"db": "VULHUB",
"id": "VHN-137883"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015472"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-924"
},
{
"db": "NVD",
"id": "CVE-2018-7851"
}
]
},
"id": "VAR-201905-1033",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7f337d34-58c3-4e10-a083-c50e708af9ed"
},
{
"db": "CNVD",
"id": "CNVD-2019-15197"
},
{
"db": "VULHUB",
"id": "VHN-137883"
}
],
"trust": 1.7470346339999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "7f337d34-58c3-4e10-a083-c50e708af9ed"
},
{
"db": "CNVD",
"id": "CNVD-2019-15197"
}
]
},
"last_update_date": "2024-11-23T21:37:17.620000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-134-10",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-10/"
},
{
"title": "Patch for multiple Schneider Electric product buffer overflow vulnerabilities (CNVD-2019-15197)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/162069"
},
{
"title": "Multiple Schneider Electric Product Buffer Error Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92893"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-15197"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015472"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-924"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137883"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015472"
},
{
"db": "NVD",
"id": "CVE-2018-7851"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-134-10/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7851"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7851"
},
{
"trust": 0.6,
"url": "https://web.nvd.nist.gov//vuln/detail/cve-2018-7851"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-15197"
},
{
"db": "VULHUB",
"id": "VHN-137883"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015472"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-924"
},
{
"db": "NVD",
"id": "CVE-2018-7851"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7f337d34-58c3-4e10-a083-c50e708af9ed"
},
{
"db": "CNVD",
"id": "CNVD-2019-15197"
},
{
"db": "VULHUB",
"id": "VHN-137883"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015472"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-924"
},
{
"db": "NVD",
"id": "CVE-2018-7851"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-24T00:00:00",
"db": "IVD",
"id": "7f337d34-58c3-4e10-a083-c50e708af9ed"
},
{
"date": "2019-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-15197"
},
{
"date": "2019-05-22T00:00:00",
"db": "VULHUB",
"id": "VHN-137883"
},
{
"date": "2019-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015472"
},
{
"date": "2019-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-924"
},
{
"date": "2019-05-22T20:29:01.853000",
"db": "NVD",
"id": "CVE-2018-7851"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-15197"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-137883"
},
{
"date": "2019-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015472"
},
{
"date": "2019-05-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-924"
},
{
"date": "2024-11-21T04:12:52.710000",
"db": "NVD",
"id": "CVE-2018-7851"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-924"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Modicon Product buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015472"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "7f337d34-58c3-4e10-a083-c50e708af9ed"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-924"
}
],
"trust": 0.8
}
}
var-201905-1035
Vulnerability from variot
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading invalid physical memory blocks in the controller over Modbus. plural Modicon The product contains an exceptional condition check vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M580 and others are products of Schneider Electric, France. The Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. Security vulnerabilities exist in several Schneider Electric products. An attacker could exploit the vulnerability to cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-1035",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon quantum",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon premium",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.10"
},
{
"model": "modicon m580",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.90"
},
{
"model": "modicon m340",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon premium plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon quantum plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon m580",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m340",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon quantum",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon premium",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon premium",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon quantum",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m340",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m580",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "2ecf2f86-d7f7-4872-83d6-a437fa3757c6"
},
{
"db": "CNVD",
"id": "CNVD-2019-15891"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015463"
},
{
"db": "NVD",
"id": "CVE-2018-7853"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m340_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m580_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_premium_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_quantum_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015463"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Jared Rittle of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-937"
}
],
"trust": 0.6
},
"cve": "CVE-2018-7853",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-7853",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-15891",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "2ecf2f86-d7f7-4872-83d6-a437fa3757c6",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-137885",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-7853",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-7853",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7853",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-7853",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-15891",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-937",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "2ecf2f86-d7f7-4872-83d6-a437fa3757c6",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-137885",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "2ecf2f86-d7f7-4872-83d6-a437fa3757c6"
},
{
"db": "CNVD",
"id": "CNVD-2019-15891"
},
{
"db": "VULHUB",
"id": "VHN-137885"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015463"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-937"
},
{
"db": "NVD",
"id": "CVE-2018-7853"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading invalid physical memory blocks in the controller over Modbus. plural Modicon The product contains an exceptional condition check vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M580 and others are products of Schneider Electric, France. The Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. Security vulnerabilities exist in several Schneider Electric products. An attacker could exploit the vulnerability to cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7853"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015463"
},
{
"db": "CNVD",
"id": "CNVD-2019-15891"
},
{
"db": "IVD",
"id": "2ecf2f86-d7f7-4872-83d6-a437fa3757c6"
},
{
"db": "VULHUB",
"id": "VHN-137885"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7853",
"trust": 3.3
},
{
"db": "TALOS",
"id": "TALOS-2019-0764",
"trust": 1.7
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-134-11",
"trust": 1.7
},
{
"db": "CNVD",
"id": "CNVD-2019-15891",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-937",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015463",
"trust": 0.8
},
{
"db": "IVD",
"id": "2ECF2F86-D7F7-4872-83D6-A437FA3757C6",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-137885",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "2ecf2f86-d7f7-4872-83d6-a437fa3757c6"
},
{
"db": "CNVD",
"id": "CNVD-2019-15891"
},
{
"db": "VULHUB",
"id": "VHN-137885"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015463"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-937"
},
{
"db": "NVD",
"id": "CVE-2018-7853"
}
]
},
"id": "VAR-201905-1035",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "2ecf2f86-d7f7-4872-83d6-a437fa3757c6"
},
{
"db": "CNVD",
"id": "CNVD-2019-15891"
},
{
"db": "VULHUB",
"id": "VHN-137885"
}
],
"trust": 1.8935065
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "2ecf2f86-d7f7-4872-83d6-a437fa3757c6"
},
{
"db": "CNVD",
"id": "CNVD-2019-15891"
}
]
},
"last_update_date": "2024-11-23T21:52:12.637000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-134-11",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015463"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-754",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137885"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015463"
},
{
"db": "NVD",
"id": "CVE-2018-7853"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-134-11/"
},
{
"trust": 1.7,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0764"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7853"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7853"
},
{
"trust": 0.6,
"url": "https://web.nvd.nist.gov//vuln/detail/cve-2018-7853"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0764"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-15891"
},
{
"db": "VULHUB",
"id": "VHN-137885"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015463"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-937"
},
{
"db": "NVD",
"id": "CVE-2018-7853"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "2ecf2f86-d7f7-4872-83d6-a437fa3757c6"
},
{
"db": "CNVD",
"id": "CNVD-2019-15891"
},
{
"db": "VULHUB",
"id": "VHN-137885"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015463"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-937"
},
{
"db": "NVD",
"id": "CVE-2018-7853"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-30T00:00:00",
"db": "IVD",
"id": "2ecf2f86-d7f7-4872-83d6-a437fa3757c6"
},
{
"date": "2019-05-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-15891"
},
{
"date": "2019-05-22T00:00:00",
"db": "VULHUB",
"id": "VHN-137885"
},
{
"date": "2019-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015463"
},
{
"date": "2019-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-937"
},
{
"date": "2019-05-22T21:29:00.370000",
"db": "NVD",
"id": "CVE-2018-7853"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-15891"
},
{
"date": "2019-06-10T00:00:00",
"db": "VULHUB",
"id": "VHN-137885"
},
{
"date": "2019-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015463"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-937"
},
{
"date": "2024-11-21T04:12:52.947000",
"db": "NVD",
"id": "CVE-2018-7853"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-937"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Modicon Vulnerability related to exceptional condition checking in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015463"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code problem",
"sources": [
{
"db": "IVD",
"id": "2ecf2f86-d7f7-4872-83d6-a437fa3757c6"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-937"
}
],
"trust": 0.8
}
}
var-202304-1259
Vulnerability from variot
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when a malicious project file is loaded onto the controller by an authenticated user. Modicon M580 firmware, Modicon M340 firmware, modicon momentum unity m1e processor firmware etc. Schneider Electric The product contains an exceptional state check vulnerability.Service operation interruption (DoS) It may be in a state. Schneider Electric Modicon M580 is a programmable automation controller produced by French Schneider Electric (Schneider Electric).
Schneider Electric Modicon M580 versions prior to V4.10 and Modicon M340 CPU versions prior to 3.51 have a code problem vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202304-1259",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bmep58s",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "bmeh58s",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.51"
},
{
"model": "modicon momentum unity m1e processor",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxp57",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "140cpu65",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m580",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "4.10"
},
{
"model": "modicon mc80",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon momentum unity m1e processor",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon mc80",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmeh58s",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmep58s",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon m580",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "4.10"
},
{
"model": "electric modicon m340",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "3.51"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-40172"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-008735"
},
{
"db": "NVD",
"id": "CVE-2023-25620"
}
]
},
"cve": "CVE-2023-25620",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2023-40172",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2023-25620",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2023-25620",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-25620",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cybersecurity@se.com",
"id": "CVE-2023-25620",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2023-25620",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2023-40172",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202304-1649",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-40172"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-008735"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-1649"
},
{
"db": "NVD",
"id": "CVE-2023-25620"
},
{
"db": "NVD",
"id": "CVE-2023-25620"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\n\n\nA CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that\ncould cause denial of service of the controller when a malicious project file is loaded onto the\ncontroller by an authenticated user. Modicon M580 firmware, Modicon M340 firmware, modicon momentum unity m1e processor firmware etc. Schneider Electric The product contains an exceptional state check vulnerability.Service operation interruption (DoS) It may be in a state. Schneider Electric Modicon M580 is a programmable automation controller produced by French Schneider Electric (Schneider Electric). \n\r\n\r\nSchneider Electric Modicon M580 versions prior to V4.10 and Modicon M340 CPU versions prior to 3.51 have a code problem vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-25620"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-008735"
},
{
"db": "CNVD",
"id": "CNVD-2023-40172"
},
{
"db": "VULMON",
"id": "CVE-2023-25620"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-25620",
"trust": 3.9
},
{
"db": "SCHNEIDER",
"id": "SEVD-2023-101-05",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2023-008735",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-40172",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202304-1649",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-25620",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-40172"
},
{
"db": "VULMON",
"id": "CVE-2023-25620"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-008735"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-1649"
},
{
"db": "NVD",
"id": "CVE-2023-25620"
}
]
},
"id": "VAR-202304-1259",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-40172"
}
],
"trust": 1.5935065
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-40172"
}
]
},
"last_update_date": "2024-08-14T13:20:52.345000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Schneider Electric Modicon M580, Modicon M340 Code Issue Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/428636"
},
{
"title": "Schneider Electric Modicon M580 Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=235299"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-40172"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-1649"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-754",
"trust": 1.0
},
{
"problemtype": "Improper checking in exceptional conditions (CWE-754) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-008735"
},
{
"db": "NVD",
"id": "CVE-2023-25620"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2023-101-05\u0026p_endoctype=security+and+safety+notice\u0026p_file_name=sevd-2023-101-05.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-25620"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-25620/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/754.html"
},
{
"trust": 0.1,
"url": "https://https://download.schneider-electric.com/files?p_doc_ref=sevd-2023-101-05\u0026p_endoctype=security+and+safety+notice\u0026p_file_name=sevd-2023-101-05.pdf"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-40172"
},
{
"db": "VULMON",
"id": "CVE-2023-25620"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-008735"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-1649"
},
{
"db": "NVD",
"id": "CVE-2023-25620"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-40172"
},
{
"db": "VULMON",
"id": "CVE-2023-25620"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-008735"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-1649"
},
{
"db": "NVD",
"id": "CVE-2023-25620"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-40172"
},
{
"date": "2023-04-19T00:00:00",
"db": "VULMON",
"id": "CVE-2023-25620"
},
{
"date": "2023-12-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-008735"
},
{
"date": "2023-04-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202304-1649"
},
{
"date": "2023-04-19T09:15:07.457000",
"db": "NVD",
"id": "CVE-2023-25620"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-40172"
},
{
"date": "2023-04-19T00:00:00",
"db": "VULMON",
"id": "CVE-2023-25620"
},
{
"date": "2023-12-04T01:49:00",
"db": "JVNDB",
"id": "JVNDB-2023-008735"
},
{
"date": "2023-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202304-1649"
},
{
"date": "2023-05-12T05:15:16.990000",
"db": "NVD",
"id": "CVE-2023-25620"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-1649"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Schneider\u00a0Electric\u00a0 Product Exceptional State Check Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-008735"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-1649"
}
],
"trust": 0.6
}
}
var-201905-0030
Vulnerability from variot
A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a remote code execution by overwriting configuration settings of the controller over Modbus. plural Modicon The product contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M580, etc. are all products of French Schneider Electric (Schneider Electric). The Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. An access control error vulnerability exists in several Schneider Electric products. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles. The following products and versions are affected: Schneider Electric Modicon M580 (all versions); Modicon M340 (all versions); Modicon Quantum (all versions); Modicon Premium (all versions)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0030",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon premium",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "modicon m340",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.10"
},
{
"model": "modicon m580",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.90"
},
{
"model": "modicon quantum",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.60"
},
{
"model": "modicon m340",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon premium plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon quantum plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004755"
},
{
"db": "NVD",
"id": "CVE-2019-6808"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m340_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m580_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_premium_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_quantum_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004755"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Jared Rittle of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-945"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6808",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-6808",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-158243",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-6808",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-6808",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6808",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-6808",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-945",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-158243",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-6808",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158243"
},
{
"db": "VULMON",
"id": "CVE-2019-6808"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004755"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-945"
},
{
"db": "NVD",
"id": "CVE-2019-6808"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a remote code execution by overwriting configuration settings of the controller over Modbus. plural Modicon The product contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M580, etc. are all products of French Schneider Electric (Schneider Electric). The Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. An access control error vulnerability exists in several Schneider Electric products. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles. The following products and versions are affected: Schneider Electric Modicon M580 (all versions); Modicon M340 (all versions); Modicon Quantum (all versions); Modicon Premium (all versions)",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6808"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004755"
},
{
"db": "VULHUB",
"id": "VHN-158243"
},
{
"db": "VULMON",
"id": "CVE-2019-6808"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6808",
"trust": 2.6
},
{
"db": "TALOS",
"id": "TALOS-2019-0771",
"trust": 1.8
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-134-11",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004755",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-945",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-158243",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-6808",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158243"
},
{
"db": "VULMON",
"id": "CVE-2019-6808"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004755"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-945"
},
{
"db": "NVD",
"id": "CVE-2019-6808"
}
]
},
"id": "VAR-201905-0030",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-158243"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:52:16.555000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-134-11",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004755"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.1
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158243"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004755"
},
{
"db": "NVD",
"id": "CVE-2019-6808"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-134-11/"
},
{
"trust": 1.8,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0771"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6808"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6808"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0771"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/306.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158243"
},
{
"db": "VULMON",
"id": "CVE-2019-6808"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004755"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-945"
},
{
"db": "NVD",
"id": "CVE-2019-6808"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-158243"
},
{
"db": "VULMON",
"id": "CVE-2019-6808"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004755"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-945"
},
{
"db": "NVD",
"id": "CVE-2019-6808"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-22T00:00:00",
"db": "VULHUB",
"id": "VHN-158243"
},
{
"date": "2019-05-22T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6808"
},
{
"date": "2019-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004755"
},
{
"date": "2019-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-945"
},
{
"date": "2019-05-22T21:29:00.697000",
"db": "NVD",
"id": "CVE-2019-6808"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-158243"
},
{
"date": "2022-02-03T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6808"
},
{
"date": "2019-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004755"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-945"
},
{
"date": "2024-11-21T04:47:12.017000",
"db": "NVD",
"id": "CVE-2019-6808"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-945"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Modicon Access control vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004755"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-945"
}
],
"trust": 0.6
}
}
var-201905-1037
Vulnerability from variot
A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a Denial of Service when sending invalid breakpoint parameters to the controller over Modbus. plural Modicon The product contains an exceptional condition check vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M580, etc. are all products of French Schneider Electric (Schneider Electric). The Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. A security vulnerability exists in several Schneider Electric products. An attacker could exploit this vulnerability to cause a denial of service. The following products and versions are affected: Schneider Electric Modicon M580 (all versions); Modicon M340 (all versions); Modicon Quantum (all versions); Modicon Premium (all versions)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-1037",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon quantum",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon premium",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.10"
},
{
"model": "modicon m580",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.90"
},
{
"model": "modicon m340",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon premium plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon quantum plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015465"
},
{
"db": "NVD",
"id": "CVE-2018-7855"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m340_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m580_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_premium_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_quantum_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015465"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Jared Rittle of Cisco Talos",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-939"
}
],
"trust": 0.6
},
"cve": "CVE-2018-7855",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-7855",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-137887",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-7855",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-7855",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7855",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-7855",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-939",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-137887",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137887"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015465"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-939"
},
{
"db": "NVD",
"id": "CVE-2018-7855"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a Denial of Service when sending invalid breakpoint parameters to the controller over Modbus. plural Modicon The product contains an exceptional condition check vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M580, etc. are all products of French Schneider Electric (Schneider Electric). The Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. A security vulnerability exists in several Schneider Electric products. An attacker could exploit this vulnerability to cause a denial of service. The following products and versions are affected: Schneider Electric Modicon M580 (all versions); Modicon M340 (all versions); Modicon Quantum (all versions); Modicon Premium (all versions)",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7855"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015465"
},
{
"db": "VULHUB",
"id": "VHN-137887"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7855",
"trust": 2.5
},
{
"db": "TALOS",
"id": "TALOS-2019-0767",
"trust": 1.7
},
{
"db": "TALOS",
"id": "TALOS-2019-0766",
"trust": 1.7
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-134-11",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015465",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-939",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-137887",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137887"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015465"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-939"
},
{
"db": "NVD",
"id": "CVE-2018-7855"
}
]
},
"id": "VAR-201905-1037",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-137887"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:52:12.498000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-134-11",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015465"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-754",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137887"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015465"
},
{
"db": "NVD",
"id": "CVE-2018-7855"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0767"
},
{
"trust": 1.7,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-134-11/"
},
{
"trust": 1.7,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0766"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7855"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7855"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0767"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0766"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137887"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015465"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-939"
},
{
"db": "NVD",
"id": "CVE-2018-7855"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-137887"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015465"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-939"
},
{
"db": "NVD",
"id": "CVE-2018-7855"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-22T00:00:00",
"db": "VULHUB",
"id": "VHN-137887"
},
{
"date": "2019-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015465"
},
{
"date": "2019-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-939"
},
{
"date": "2019-05-22T21:29:00.493000",
"db": "NVD",
"id": "CVE-2018-7855"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-10T00:00:00",
"db": "VULHUB",
"id": "VHN-137887"
},
{
"date": "2019-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015465"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-939"
},
{
"date": "2024-11-21T04:12:53.160000",
"db": "NVD",
"id": "CVE-2018-7855"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-939"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Modicon Vulnerability related to exceptional condition checking in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015465"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-939"
}
],
"trust": 0.6
}
}
var-201304-0151
Vulnerability from variot
The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows remote authenticated users to send Modbus messages, and consequently execute arbitrary code, by embedding these messages in SOAP HTTP POST requests. Schneider Electric Ethernetmokuai has a cross-site request forgery vulnerability that allows an attacker to build a malicious URI, entice a user to resolve, and perform malicious actions, such as changing passwords, in the context of the target user. The following versions are affected by this vulnerability: Quantum: 140NOE77111 140NOE77101 140NWM10000 M340: BMXNOC0401 BMXNOE0100x BMXNOE011xx Premium: TSXETY4103 TSXETY5103 TSXWMY100. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. The SESU tool used by several of these products is used to update software on Windows PC systems. The mechanism sent to the PLC via the Modbus command does not require authentication, allowing the attacker to send these messages to perform stop operations, modify I/O data, and so on. Schneider Electric Products are prone to multiple security vulnerabilities. Successfully exploiting these issues allows remote attackers to execute arbitrary code or perform unauthorized actions in the context of the user's session; other attacks are also possible. Note: The denial-of-service vulnerability issue affecting Modicon M340 and the authentication-bypass issue affecting Maagelis XBT HMI were determined not to be vulnerabilities. The following Schneider Electric products are affected: BMX NOE 0110 Modicon M340. Schneider Electric software on customer PCs uses the SESU service as a communication mechanism to the Schneider Electric central update server, which can be used to receive software updates on a regular basis. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
TITLE: Schneider Electric Ethernet Modules Cross-Site Request Forgery Vulnerability
SECUNIA ADVISORY ID: SA52189
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/52189/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=52189
RELEASE DATE: 2013-02-14
DISCUSS ADVISORY: http://secunia.com/advisories/52189/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/52189/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=52189
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in Schneider Electric Ethernet Modules, which can be exploited by malicious people to conduct cross-site request forgery attacks.
The vulnerability is caused due to the modules allowing users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. change credentials when a logged-in administrator visits a specially crafted web page.
Quantum: 140NOE77111 140NOE77101 140NWM10000
M340: BMXNOC0401 BMXNOE0100x BMXNOE011xx
Premium: TSXETY4103 TSXETY5103 TSXWMY100
SOLUTION: No official solution is currently available.
PROVIDED AND/OR DISCOVERED BY: The vendor credits Arthur Gervais.
ORIGINAL ADVISORY: SEVD-2013-023-01: http://download.schneider-electric.com/files?L=en&p=&p_docId=&p_docId=&p_Reference=SEVD%202013-023-01&p_EnDocType=Technical%20paper&p_File_Id=36555639&p_File_Name=SEVD-2013-023-01.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201304-0151",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon quantum plc",
"scope": "eq",
"trust": 2.4,
"vendor": "schneider electric",
"version": "140noe77111"
},
{
"model": "modicon quantum plc",
"scope": "eq",
"trust": 2.4,
"vendor": "schneider electric",
"version": "140nwm10000"
},
{
"model": "modicon m340",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "bmxnoe0110x"
},
{
"model": "modicon premium",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "tsxety5103"
},
{
"model": "modicon m340 pac",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "bmxnoe0110x"
},
{
"model": "modicon premium plc",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "tsxety5103"
},
{
"model": "electric m340 series modules",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon quantum series modules",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric premium series modules",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric quantum 140noe77111",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric quantum 140nwm10000",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric premium tsxety5103",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric m340 bmxnoe0110x",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "140noe77111",
"scope": null,
"trust": 0.2,
"vendor": "modicon quantum plc",
"version": null
},
{
"model": "140nwm10000",
"scope": null,
"trust": 0.2,
"vendor": "modicon quantum plc",
"version": null
},
{
"model": "bmxnoe0110x",
"scope": null,
"trust": 0.2,
"vendor": "modicon m340",
"version": null
},
{
"model": "tsxety5103",
"scope": null,
"trust": 0.2,
"vendor": "modicon premium",
"version": null
},
{
"model": "electric m340 series modules null",
"scope": "eq",
"trust": 0.2,
"vendor": "schneider",
"version": "*"
},
{
"model": "electric modicon quantum series modules null",
"scope": "eq",
"trust": 0.2,
"vendor": "schneider",
"version": "*"
},
{
"model": "electric premium series modules null",
"scope": "eq",
"trust": 0.2,
"vendor": "schneider",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "03c08c56-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "8d5791de-1f35-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-01138"
},
{
"db": "CNVD",
"id": "CNVD-2013-02842"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002147"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-351"
},
{
"db": "NVD",
"id": "CVE-2013-0664"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:schneider_electric:modicon_m340",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:modicon_premium",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:modicon_quantum_plc",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-002147"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Arthur Gervais",
"sources": [
{
"db": "BID",
"id": "57435"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-351"
}
],
"trust": 0.9
},
"cve": "CVE-2013-0664",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"id": "CVE-2013-0664",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-02842",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "03c08c56-2353-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": null,
"accessVector": null,
"authentication": null,
"author": "IVD",
"availabilityImpact": null,
"baseScore": null,
"confidentialityImpact": null,
"exploitabilityScore": null,
"id": "8d5791de-1f35-11e6-abef-000c29c66e3d",
"impactScore": null,
"integrityImpact": null,
"severity": null,
"trust": 0.2,
"vectorString": null,
"version": "unknown"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"id": "VHN-60666",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-0664",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-0664",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2013-02842",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201303-351",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "03c08c56-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "8d5791de-1f35-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-60666",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "03c08c56-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "8d5791de-1f35-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02842"
},
{
"db": "VULHUB",
"id": "VHN-60666"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002147"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-351"
},
{
"db": "NVD",
"id": "CVE-2013-0664"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows remote authenticated users to send Modbus messages, and consequently execute arbitrary code, by embedding these messages in SOAP HTTP POST requests. Schneider Electric Ethernetmokuai has a cross-site request forgery vulnerability that allows an attacker to build a malicious URI, entice a user to resolve, and perform malicious actions, such as changing passwords, in the context of the target user. The following versions are affected by this vulnerability: Quantum: 140NOE77111 140NOE77101 140NWM10000 M340: BMXNOC0401 BMXNOE0100x BMXNOE011xx Premium: TSXETY4103 TSXETY5103 TSXWMY100. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. The SESU tool used by several of these products is used to update software on Windows PC systems. The mechanism sent to the PLC via the Modbus command does not require authentication, allowing the attacker to send these messages to perform stop operations, modify I/O data, and so on. Schneider Electric Products are prone to multiple security vulnerabilities. \nSuccessfully exploiting these issues allows remote attackers to execute arbitrary code or perform unauthorized actions in the context of the user\u0027s session; other attacks are also possible. \nNote: The denial-of-service vulnerability issue affecting Modicon M340 and the authentication-bypass issue affecting Maagelis XBT HMI were determined not to be vulnerabilities. \nThe following Schneider Electric products are affected:\nBMX NOE 0110\nModicon M340. Schneider Electric software on customer PCs uses the SESU service as a communication mechanism to the Schneider Electric central update server, which can be used to receive software updates on a regular basis. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nSchneider Electric Ethernet Modules Cross-Site Request Forgery\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA52189\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/52189/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52189\n\nRELEASE DATE:\n2013-02-14\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/52189/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/52189/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52189\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Schneider Electric Ethernet\nModules, which can be exploited by malicious people to conduct\ncross-site request forgery attacks. \n\nThe vulnerability is caused due to the modules allowing users to\nperform certain actions via HTTP requests without performing proper\nvalidity checks to verify the requests. This can be exploited to e.g. \nchange credentials when a logged-in administrator visits a specially\ncrafted web page. \n\nQuantum:\n140NOE77111\n140NOE77101\n140NWM10000\n\nM340:\nBMXNOC0401\nBMXNOE0100x\nBMXNOE011xx\n\nPremium:\nTSXETY4103\nTSXETY5103\nTSXWMY100\n\nSOLUTION:\nNo official solution is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Arthur Gervais. \n\nORIGINAL ADVISORY:\nSEVD-2013-023-01:\nhttp://download.schneider-electric.com/files?L=en\u0026p=\u0026p_docId=\u0026p_docId=\u0026p_Reference=SEVD%202013-023-01\u0026p_EnDocType=Technical%20paper\u0026p_File_Id=36555639\u0026p_File_Name=SEVD-2013-023-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0664"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002147"
},
{
"db": "CNVD",
"id": "CNVD-2013-01138"
},
{
"db": "CNVD",
"id": "CNVD-2013-02842"
},
{
"db": "BID",
"id": "57435"
},
{
"db": "IVD",
"id": "03c08c56-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "8d5791de-1f35-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-60666"
},
{
"db": "PACKETSTORM",
"id": "120311"
}
],
"trust": 3.51
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-0664",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-13-077-01A",
"trust": 3.4
},
{
"db": "SCHNEIDER",
"id": "SEVD-2013-023-01",
"trust": 2.4
},
{
"db": "BID",
"id": "57435",
"trust": 1.5
},
{
"db": "CNNVD",
"id": "CNNVD-201303-351",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2013-02842",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2013-01138",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "52189",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002147",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-13-077-01",
"trust": 0.3
},
{
"db": "ICS CERT",
"id": "ICSA-13-077-01B",
"trust": 0.3
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-13-016-01",
"trust": 0.3
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-13-016-01A",
"trust": 0.3
},
{
"db": "IVD",
"id": "03C08C56-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "8D5791DE-1F35-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-60666",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "120311",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "03c08c56-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "8d5791de-1f35-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-01138"
},
{
"db": "CNVD",
"id": "CNVD-2013-02842"
},
{
"db": "VULHUB",
"id": "VHN-60666"
},
{
"db": "BID",
"id": "57435"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002147"
},
{
"db": "PACKETSTORM",
"id": "120311"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-351"
},
{
"db": "NVD",
"id": "CVE-2013-0664"
}
]
},
"id": "VAR-201304-0151",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "03c08c56-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "8d5791de-1f35-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-01138"
},
{
"db": "CNVD",
"id": "CNVD-2013-02842"
},
{
"db": "VULHUB",
"id": "VHN-60666"
}
],
"trust": 2.647619042857143
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.6
}
],
"sources": [
{
"db": "IVD",
"id": "03c08c56-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "8d5791de-1f35-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-01138"
},
{
"db": "CNVD",
"id": "CNVD-2013-02842"
}
]
},
"last_update_date": "2024-11-23T21:51:40.378000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Important Security Notification - M340, Quantum. and Premium Ethernet communication modules",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_File_Id=36555639\u0026p_File_Name=SEVD-2013-023-01.pdf"
},
{
"title": "SEVD 2013-023-01",
"trust": 0.8,
"url": "http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/"
},
{
"title": "\u30b5\u30dd\u30fc\u30c8",
"trust": 0.8,
"url": "http://www.schneider-electric.co.jp/sites/japan/jp/support/contact/we-care.page"
},
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://www.schneider-electric.com/site/home/index.cfm/jp/"
},
{
"title": "Multiple Schneider Electric products incorrectly verify patches for vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/33180"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02842"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002147"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0664"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://ics-cert.us-cert.gov/pdf/icsa-13-077-01a.pdf"
},
{
"trust": 2.2,
"url": "http://www.schneider-electric.com/download/ww/en/file/36555639-sevd-2013-023-01.pdf/?filename=sevd-2013-023-01.pdf\u0026reference=sevd-2013-023-01\u0026doctype=technical-paper"
},
{
"trust": 1.7,
"url": "http://www.schneider-electric.com/download/ww/en/details/35081317-vulnerability-disclosure-for-quantum-premium-and-m340/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0664"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0664"
},
{
"trust": 0.7,
"url": "http://secunia.com/advisories/52189/"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/57435"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-13-016-01.pdf"
},
{
"trust": 0.3,
"url": "http://ics-cert.us-cert.gov/pdf/ics-alert-13-016-01a.pdf"
},
{
"trust": 0.3,
"url": "http://ics-cert.us-cert.gov/pdf/icsa-13-077-01.pdf"
},
{
"trust": 0.3,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-13-077-01b"
},
{
"trust": 0.1,
"url": "http://www.schneider-electric.com/download/ww/en/file/36555639-sevd-2013-023-01.pdf/?filename=sevd-2013-023-01.pdf\u0026amp;reference=sevd-2013-023-01\u0026amp;doctype=technical-paper"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52189"
},
{
"trust": 0.1,
"url": "http://download.schneider-electric.com/files?l=en\u0026p=\u0026p_docid=\u0026p_docid=\u0026p_reference=sevd%202013-023-01\u0026p_endoctype=technical%20paper\u0026p_file_id=36555639\u0026p_file_name=sevd-2013-023-01.pdf"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/52189/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/blog/325/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-01138"
},
{
"db": "CNVD",
"id": "CNVD-2013-02842"
},
{
"db": "VULHUB",
"id": "VHN-60666"
},
{
"db": "BID",
"id": "57435"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002147"
},
{
"db": "PACKETSTORM",
"id": "120311"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-351"
},
{
"db": "NVD",
"id": "CVE-2013-0664"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "03c08c56-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "8d5791de-1f35-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-01138"
},
{
"db": "CNVD",
"id": "CNVD-2013-02842"
},
{
"db": "VULHUB",
"id": "VHN-60666"
},
{
"db": "BID",
"id": "57435"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002147"
},
{
"db": "PACKETSTORM",
"id": "120311"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-351"
},
{
"db": "NVD",
"id": "CVE-2013-0664"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-11T00:00:00",
"db": "IVD",
"id": "03c08c56-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2013-02-21T00:00:00",
"db": "IVD",
"id": "8d5791de-1f35-11e6-abef-000c29c66e3d"
},
{
"date": "2013-02-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-01138"
},
{
"date": "2013-04-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02842"
},
{
"date": "2013-04-04T00:00:00",
"db": "VULHUB",
"id": "VHN-60666"
},
{
"date": "2013-01-16T00:00:00",
"db": "BID",
"id": "57435"
},
{
"date": "2013-04-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002147"
},
{
"date": "2013-02-14T01:37:18",
"db": "PACKETSTORM",
"id": "120311"
},
{
"date": "2013-01-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-351"
},
{
"date": "2013-04-04T11:58:49.823000",
"db": "NVD",
"id": "CVE-2013-0664"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-05-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-01138"
},
{
"date": "2013-04-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02842"
},
{
"date": "2013-04-04T00:00:00",
"db": "VULHUB",
"id": "VHN-60666"
},
{
"date": "2015-03-19T09:43:00",
"db": "BID",
"id": "57435"
},
{
"date": "2013-04-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002147"
},
{
"date": "2013-04-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-351"
},
{
"date": "2024-11-21T01:47:58.130000",
"db": "NVD",
"id": "CVE-2013-0664"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201303-351"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Ethernet Modules Cross-Site Request Forgery Vulnerability",
"sources": [
{
"db": "IVD",
"id": "8d5791de-1f35-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-01138"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201303-351"
}
],
"trust": 0.6
}
}
var-201905-1034
Vulnerability from variot
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when an invalid private command parameter is sent to the controller over Modbus. plural Modicon The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M580 and others are products of Schneider Electric, France. The Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. The following products and versions are affected: Schneider Electric Modicon M580 (all versions); Modicon M340 (all versions); Modicon Quantum (all versions); Modicon Premium (all versions)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-1034",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon premium",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon quantum",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m580",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon premium plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon quantum plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon m340",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon premium",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon quantum",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m580",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m580",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m340",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon quantum",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon premium",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "1f25f725-8d90-42d9-88a6-46032a995985"
},
{
"db": "CNVD",
"id": "CNVD-2019-15198"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015473"
},
{
"db": "NVD",
"id": "CVE-2018-7852"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m340_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m580_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_premium_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_quantum_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015473"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Jared Rittle of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-925"
}
],
"trust": 0.6
},
"cve": "CVE-2018-7852",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-7852",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-15198",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "1f25f725-8d90-42d9-88a6-46032a995985",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-137884",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-7852",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-7852",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7852",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-7852",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-15198",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-925",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "1f25f725-8d90-42d9-88a6-46032a995985",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-137884",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-7852",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "1f25f725-8d90-42d9-88a6-46032a995985"
},
{
"db": "CNVD",
"id": "CNVD-2019-15198"
},
{
"db": "VULHUB",
"id": "VHN-137884"
},
{
"db": "VULMON",
"id": "CVE-2018-7852"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015473"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-925"
},
{
"db": "NVD",
"id": "CVE-2018-7852"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when an invalid private command parameter is sent to the controller over Modbus. plural Modicon The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M580 and others are products of Schneider Electric, France. The Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. The following products and versions are affected: Schneider Electric Modicon M580 (all versions); Modicon M340 (all versions); Modicon Quantum (all versions); Modicon Premium (all versions)",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7852"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015473"
},
{
"db": "CNVD",
"id": "CNVD-2019-15198"
},
{
"db": "IVD",
"id": "1f25f725-8d90-42d9-88a6-46032a995985"
},
{
"db": "VULHUB",
"id": "VHN-137884"
},
{
"db": "VULMON",
"id": "CVE-2018-7852"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7852",
"trust": 3.4
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-134-11",
"trust": 2.4
},
{
"db": "TALOS",
"id": "TALOS-2019-0763",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-925",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-15198",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015473",
"trust": 0.8
},
{
"db": "IVD",
"id": "1F25F725-8D90-42D9-88A6-46032A995985",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-137884",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-7852",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "1f25f725-8d90-42d9-88a6-46032a995985"
},
{
"db": "CNVD",
"id": "CNVD-2019-15198"
},
{
"db": "VULHUB",
"id": "VHN-137884"
},
{
"db": "VULMON",
"id": "CVE-2018-7852"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015473"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-925"
},
{
"db": "NVD",
"id": "CVE-2018-7852"
}
]
},
"id": "VAR-201905-1034",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "1f25f725-8d90-42d9-88a6-46032a995985"
},
{
"db": "CNVD",
"id": "CNVD-2019-15198"
},
{
"db": "VULHUB",
"id": "VHN-137884"
}
],
"trust": 1.8935065
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "1f25f725-8d90-42d9-88a6-46032a995985"
},
{
"db": "CNVD",
"id": "CNVD-2019-15198"
}
]
},
"last_update_date": "2024-11-23T21:52:12.922000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-134-11",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/yanissec/CVE-2018-7852 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-7852"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015473"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-755",
"trust": 1.1
},
{
"problemtype": "CWE-20",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137884"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015473"
},
{
"db": "NVD",
"id": "CVE-2018-7852"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-134-11/"
},
{
"trust": 1.8,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0763"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7852"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7852"
},
{
"trust": 0.6,
"url": "https://web.nvd.nist.gov//vuln/detail/cve-2018-7852"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0763"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/755.html"
},
{
"trust": 0.1,
"url": "https://github.com/yanissec/cve-2018-7852"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-15198"
},
{
"db": "VULHUB",
"id": "VHN-137884"
},
{
"db": "VULMON",
"id": "CVE-2018-7852"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015473"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-925"
},
{
"db": "NVD",
"id": "CVE-2018-7852"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "1f25f725-8d90-42d9-88a6-46032a995985"
},
{
"db": "CNVD",
"id": "CNVD-2019-15198"
},
{
"db": "VULHUB",
"id": "VHN-137884"
},
{
"db": "VULMON",
"id": "CVE-2018-7852"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015473"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-925"
},
{
"db": "NVD",
"id": "CVE-2018-7852"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-24T00:00:00",
"db": "IVD",
"id": "1f25f725-8d90-42d9-88a6-46032a995985"
},
{
"date": "2019-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-15198"
},
{
"date": "2019-05-22T00:00:00",
"db": "VULHUB",
"id": "VHN-137884"
},
{
"date": "2019-05-22T00:00:00",
"db": "VULMON",
"id": "CVE-2018-7852"
},
{
"date": "2019-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015473"
},
{
"date": "2019-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-925"
},
{
"date": "2019-05-22T20:29:01.900000",
"db": "NVD",
"id": "CVE-2018-7852"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-15198"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-137884"
},
{
"date": "2022-02-03T00:00:00",
"db": "VULMON",
"id": "CVE-2018-7852"
},
{
"date": "2019-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015473"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-925"
},
{
"date": "2024-11-21T04:12:52.833000",
"db": "NVD",
"id": "CVE-2018-7852"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-925"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Modicon Vulnerability related to input validation in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015473"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation error",
"sources": [
{
"db": "IVD",
"id": "1f25f725-8d90-42d9-88a6-46032a995985"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-925"
}
],
"trust": 0.8
}
}
var-201804-1269
Vulnerability from variot
Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks. plural Schneider Electric The product contains a vulnerability related to cryptographic strength.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Schneider Electric Modicon Premium\Modicon Quantum\Modicon M340\Modicon BMXNOR0200 is a programmable controller product from Schneider Electric, France. A number of Schneider Electric products have a weak encryption algorithm vulnerability that stems from the fact that the FTP server does not limit the length of the command parameters, which can cause buffer overflows. Multiple Schneider Electric Modicon products are prone to a remote security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-1269",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tsxp57554m",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5724m",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp573634mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57354mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp574634mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5744mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp575634mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57454mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57554mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp576634mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57154m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57254mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342000",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57204mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57254m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp575634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu31110",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65160",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57104mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp341000h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65860c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57454m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp571634mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp573634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57104m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57304m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57304mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65260",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65150c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57354m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65160s",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65160c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5744m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57154mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342020h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp571634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65260c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65860",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302cl",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnor0200",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnor0200h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu43412uc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu43412u",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp574634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5724mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp341000",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp572634mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65150",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420102cl",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57204m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp572634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420102",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu31110c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp576634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnor0200",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 pac",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon premium plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon quantum plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon premium",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon quantum",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m340",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon rtu",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "x80"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "140cpu65160c",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "tsxh5724m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "tsxh5744mc",
"version": null
},
{
"model": "modicon quantum",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "modicon premium",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "modicon m340",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "modicon bmxnor0200",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnor0200",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65150c",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu31110c",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu43412uc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65260c",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65860c",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp341000",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp342000",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420102",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnor0200h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420102cl",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp342020",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420302",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420302cl",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420302h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp342020h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp341000h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxh5744m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57104m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65150",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57154m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp571634m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57204m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57254m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp572634m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57304m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57354m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp573634m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57454m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp574634m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu31110",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp575634m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp576634m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxh5724mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57104mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57154mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp571634mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57204mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57254mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp572634mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu43412u",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57304mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57354mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp573634mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57454mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp574634mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57554mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp575634mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp576634mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65160",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57554m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65260",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65860",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65160s",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "e2ea2f5e-39ab-11e9-890e-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06519"
},
{
"db": "BID",
"id": "103543"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004279"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-1000"
},
{
"db": "NVD",
"id": "CVE-2018-7242"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:schneider_electric:bmxnor0200",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:modicon_m340",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:modicon_premium",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:modicon_quantum_plc",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004279"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nikita Maximov (Positive Technologies)",
"sources": [
{
"db": "BID",
"id": "103543"
}
],
"trust": 0.3
},
"cve": "CVE-2018-7242",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-7242",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "CNVD-2018-06519",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "e2ea2f5e-39ab-11e9-890e-000c29342cb1",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-137274",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-7242",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7242",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-7242",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2018-06519",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-1000",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2ea2f5e-39ab-11e9-890e-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-137274",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2ea2f5e-39ab-11e9-890e-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06519"
},
{
"db": "VULHUB",
"id": "VHN-137274"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004279"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-1000"
},
{
"db": "NVD",
"id": "CVE-2018-7242"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerable hash algorithms exists in Schneider Electric\u0027s Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks. plural Schneider Electric The product contains a vulnerability related to cryptographic strength.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Schneider Electric Modicon Premium\\\\Modicon Quantum\\\\Modicon M340\\\\Modicon BMXNOR0200 is a programmable controller product from Schneider Electric, France. A number of Schneider Electric products have a weak encryption algorithm vulnerability that stems from the fact that the FTP server does not limit the length of the command parameters, which can cause buffer overflows. Multiple Schneider Electric Modicon products are prone to a remote security-bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7242"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004279"
},
{
"db": "CNVD",
"id": "CNVD-2018-06519"
},
{
"db": "BID",
"id": "103543"
},
{
"db": "IVD",
"id": "e2ea2f5e-39ab-11e9-890e-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-137274"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7242",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-086-01",
"trust": 3.4
},
{
"db": "SCHNEIDER",
"id": "SEVD-2018-081-01",
"trust": 2.0
},
{
"db": "BID",
"id": "103543",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-201803-1000",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-06519",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004279",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "39225",
"trust": 0.6
},
{
"db": "IVD",
"id": "E2EA2F5E-39AB-11E9-890E-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-137274",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2ea2f5e-39ab-11e9-890e-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06519"
},
{
"db": "VULHUB",
"id": "VHN-137274"
},
{
"db": "BID",
"id": "103543"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004279"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-1000"
},
{
"db": "NVD",
"id": "CVE-2018-7242"
}
]
},
"id": "VAR-201804-1269",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2ea2f5e-39ab-11e9-890e-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06519"
},
{
"db": "VULHUB",
"id": "VHN-137274"
}
],
"trust": 1.7565656666666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2ea2f5e-39ab-11e9-890e-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06519"
}
]
},
"last_update_date": "2024-11-23T22:45:23.622000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Notification - Embedded FTP Servers for Modicon",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/"
},
{
"title": "Multiple Schneider Electric Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79470"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004279"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-1000"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-326",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137274"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004279"
},
{
"db": "NVD",
"id": "CVE-2018-7242"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-086-01"
},
{
"trust": 2.0,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2018-081-01/"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/103543"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7242"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7242"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/39225"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06519"
},
{
"db": "VULHUB",
"id": "VHN-137274"
},
{
"db": "BID",
"id": "103543"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004279"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-1000"
},
{
"db": "NVD",
"id": "CVE-2018-7242"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2ea2f5e-39ab-11e9-890e-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06519"
},
{
"db": "VULHUB",
"id": "VHN-137274"
},
{
"db": "BID",
"id": "103543"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004279"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-1000"
},
{
"db": "NVD",
"id": "CVE-2018-7242"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-28T00:00:00",
"db": "IVD",
"id": "e2ea2f5e-39ab-11e9-890e-000c29342cb1"
},
{
"date": "2018-03-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06519"
},
{
"date": "2018-04-18T00:00:00",
"db": "VULHUB",
"id": "VHN-137274"
},
{
"date": "2018-03-22T00:00:00",
"db": "BID",
"id": "103543"
},
{
"date": "2018-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004279"
},
{
"date": "2018-03-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-1000"
},
{
"date": "2018-04-18T20:29:00.373000",
"db": "NVD",
"id": "CVE-2018-7242"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06519"
},
{
"date": "2018-12-05T00:00:00",
"db": "VULHUB",
"id": "VHN-137274"
},
{
"date": "2018-03-22T00:00:00",
"db": "BID",
"id": "103543"
},
{
"date": "2018-07-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004279"
},
{
"date": "2018-05-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-1000"
},
{
"date": "2024-11-21T04:11:51.740000",
"db": "NVD",
"id": "CVE-2018-7242"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-1000"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Schneider Electric Vulnerability related to cryptographic strength in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004279"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-1000"
}
],
"trust": 0.6
}
}
var-201905-1046
Vulnerability from variot
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading memory blocks with an invalid data size or with an invalid data offset in the controller over Modbus. plural Modicon The product contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M580 and other products are products of Schneider Electric (France). Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions.
Multiple Schneider Electric products have resource management bugs. An attacker could use this vulnerability to cause a denial of service. The following products and versions are affected: Schneider Electric Modicon M580 (all versions); Modicon M340 (all versions); Modicon Quantum (all versions); Modicon Premium (all versions)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-1046",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon premium",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon quantum",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m580",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon premium plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon quantum plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon m340",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m580",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon premium",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon quantum",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m580",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m340",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon quantum",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon premium",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "f0fc6464-0d4f-4dbd-86b8-5715c11b44c9"
},
{
"db": "CNVD",
"id": "CNVD-2019-34830"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015477"
},
{
"db": "NVD",
"id": "CVE-2018-7843"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m340_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m580_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_premium_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_quantum_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015477"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Jared Rittle of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-917"
}
],
"trust": 0.6
},
"cve": "CVE-2018-7843",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-7843",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-34830",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "f0fc6464-0d4f-4dbd-86b8-5715c11b44c9",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-137875",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-7843",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-7843",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7843",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-7843",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-34830",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-917",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "f0fc6464-0d4f-4dbd-86b8-5715c11b44c9",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-137875",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-7843",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "f0fc6464-0d4f-4dbd-86b8-5715c11b44c9"
},
{
"db": "CNVD",
"id": "CNVD-2019-34830"
},
{
"db": "VULHUB",
"id": "VHN-137875"
},
{
"db": "VULMON",
"id": "CVE-2018-7843"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015477"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-917"
},
{
"db": "NVD",
"id": "CVE-2018-7843"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading memory blocks with an invalid data size or with an invalid data offset in the controller over Modbus. plural Modicon The product contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M580 and other products are products of Schneider Electric (France). Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. \n\nMultiple Schneider Electric products have resource management bugs. An attacker could use this vulnerability to cause a denial of service. The following products and versions are affected: Schneider Electric Modicon M580 (all versions); Modicon M340 (all versions); Modicon Quantum (all versions); Modicon Premium (all versions)",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7843"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015477"
},
{
"db": "CNVD",
"id": "CNVD-2019-34830"
},
{
"db": "IVD",
"id": "f0fc6464-0d4f-4dbd-86b8-5715c11b44c9"
},
{
"db": "VULHUB",
"id": "VHN-137875"
},
{
"db": "VULMON",
"id": "CVE-2018-7843"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7843",
"trust": 3.4
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-134-11",
"trust": 1.8
},
{
"db": "TALOS",
"id": "TALOS-2018-0738",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-917",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-34830",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015477",
"trust": 0.8
},
{
"db": "IVD",
"id": "F0FC6464-0D4F-4DBD-86B8-5715C11B44C9",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-137875",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-7843",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "f0fc6464-0d4f-4dbd-86b8-5715c11b44c9"
},
{
"db": "CNVD",
"id": "CNVD-2019-34830"
},
{
"db": "VULHUB",
"id": "VHN-137875"
},
{
"db": "VULMON",
"id": "CVE-2018-7843"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015477"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-917"
},
{
"db": "NVD",
"id": "CVE-2018-7843"
}
]
},
"id": "VAR-201905-1046",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "f0fc6464-0d4f-4dbd-86b8-5715c11b44c9"
},
{
"db": "CNVD",
"id": "CNVD-2019-34830"
},
{
"db": "VULHUB",
"id": "VHN-137875"
}
],
"trust": 1.8935065
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "f0fc6464-0d4f-4dbd-86b8-5715c11b44c9"
},
{
"db": "CNVD",
"id": "CNVD-2019-34830"
}
]
},
"last_update_date": "2024-11-23T21:52:12.883000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-134-11",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/yanissec/CVE-2018-7843 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-7843"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015477"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.1
},
{
"problemtype": "CWE-399",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137875"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015477"
},
{
"db": "NVD",
"id": "CVE-2018-7843"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7843"
},
{
"trust": 1.8,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-134-11/"
},
{
"trust": 1.8,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2018-0738"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7843"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2018-0738"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"trust": 0.1,
"url": "https://github.com/yanissec/cve-2018-7843"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34830"
},
{
"db": "VULHUB",
"id": "VHN-137875"
},
{
"db": "VULMON",
"id": "CVE-2018-7843"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015477"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-917"
},
{
"db": "NVD",
"id": "CVE-2018-7843"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "f0fc6464-0d4f-4dbd-86b8-5715c11b44c9"
},
{
"db": "CNVD",
"id": "CNVD-2019-34830"
},
{
"db": "VULHUB",
"id": "VHN-137875"
},
{
"db": "VULMON",
"id": "CVE-2018-7843"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015477"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-917"
},
{
"db": "NVD",
"id": "CVE-2018-7843"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-12T00:00:00",
"db": "IVD",
"id": "f0fc6464-0d4f-4dbd-86b8-5715c11b44c9"
},
{
"date": "2019-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34830"
},
{
"date": "2019-05-22T00:00:00",
"db": "VULHUB",
"id": "VHN-137875"
},
{
"date": "2019-05-22T00:00:00",
"db": "VULMON",
"id": "CVE-2018-7843"
},
{
"date": "2019-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015477"
},
{
"date": "2019-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-917"
},
{
"date": "2019-05-22T20:29:01.590000",
"db": "NVD",
"id": "CVE-2018-7843"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34830"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-137875"
},
{
"date": "2022-02-03T00:00:00",
"db": "VULMON",
"id": "CVE-2018-7843"
},
{
"date": "2019-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015477"
},
{
"date": "2022-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-917"
},
{
"date": "2024-11-21T04:12:51.810000",
"db": "NVD",
"id": "CVE-2018-7843"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-917"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Modicon Resource management vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015477"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-917"
}
],
"trust": 0.6
}
}
var-201909-0045
Vulnerability from variot
A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus. Modicon M580 and Modicon M340 Contains a vulnerability in handling exceptional conditions.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M580 and Schneider Electric Modicon M340 are products of Schneider Electric. Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon M340 is a mid-range PLC (programmable logic controller) for industrial processes and infrastructure.
There are security vulnerabilities in Schneider Electric Modicon M580 using firmware before V2.90 and Schneider Electric Modicon M340 using firmware before V3.10. An attacker could exploit this vulnerability to cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201909-0045",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon m340",
"scope": "lt",
"trust": 1.8,
"vendor": "schneider electric",
"version": "3.10"
},
{
"model": "modicon m580",
"scope": "lt",
"trust": 1.8,
"vendor": "schneider electric",
"version": "2.90"
},
{
"model": "electric modicon m340",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "v3.10"
},
{
"model": "electric modicon m580",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "v2.90"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m580",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m340",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "422fcd15-89fa-4cc7-8516-6f107433b982"
},
{
"db": "CNVD",
"id": "CNVD-2019-38870"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009521"
},
{
"db": "NVD",
"id": "CVE-2019-6829"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m340_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m580_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009521"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Jared Rittle of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-918"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6829",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-6829",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-38870",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "422fcd15-89fa-4cc7-8516-6f107433b982",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-6829",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-6829",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6829",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-6829",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-38870",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-918",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "422fcd15-89fa-4cc7-8516-6f107433b982",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "422fcd15-89fa-4cc7-8516-6f107433b982"
},
{
"db": "CNVD",
"id": "CNVD-2019-38870"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009521"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-918"
},
{
"db": "NVD",
"id": "CVE-2019-6829"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus. Modicon M580 and Modicon M340 Contains a vulnerability in handling exceptional conditions.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M580 and Schneider Electric Modicon M340 are products of Schneider Electric. Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon M340 is a mid-range PLC (programmable logic controller) for industrial processes and infrastructure. \n\nThere are security vulnerabilities in Schneider Electric Modicon M580 using firmware before V2.90 and Schneider Electric Modicon M340 using firmware before V3.10. An attacker could exploit this vulnerability to cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6829"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009521"
},
{
"db": "CNVD",
"id": "CNVD-2019-38870"
},
{
"db": "IVD",
"id": "422fcd15-89fa-4cc7-8516-6f107433b982"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6829",
"trust": 3.2
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-134-11",
"trust": 2.2
},
{
"db": "CNVD",
"id": "CNVD-2019-38870",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201908-918",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009521",
"trust": 0.8
},
{
"db": "TALOS",
"id": "TALOS-2019-0807",
"trust": 0.6
},
{
"db": "IVD",
"id": "422FCD15-89FA-4CC7-8516-6F107433B982",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "422fcd15-89fa-4cc7-8516-6f107433b982"
},
{
"db": "CNVD",
"id": "CNVD-2019-38870"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009521"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-918"
},
{
"db": "NVD",
"id": "CVE-2019-6829"
}
]
},
"id": "VAR-201909-0045",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "422fcd15-89fa-4cc7-8516-6f107433b982"
},
{
"db": "CNVD",
"id": "CNVD-2019-38870"
}
],
"trust": 1.7935065
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "422fcd15-89fa-4cc7-8516-6f107433b982"
},
{
"db": "CNVD",
"id": "CNVD-2019-38870"
}
]
},
"last_update_date": "2024-11-23T21:52:12.672000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-134-11",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
},
{
"title": "Patch for Schneider Electric Modicon M340 and Modicon M580 Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/188179"
},
{
"title": "Schneider Electric Modicon M580 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96603"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-38870"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009521"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-918"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-755",
"trust": 1.8
},
{
"problemtype": "CWE-248",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009521"
},
{
"db": "NVD",
"id": "CVE-2019-6829"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-134-11/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6829"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6829"
},
{
"trust": 0.6,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0807"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-38870"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009521"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-918"
},
{
"db": "NVD",
"id": "CVE-2019-6829"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "422fcd15-89fa-4cc7-8516-6f107433b982"
},
{
"db": "CNVD",
"id": "CNVD-2019-38870"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009521"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-918"
},
{
"db": "NVD",
"id": "CVE-2019-6829"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-04T00:00:00",
"db": "IVD",
"id": "422fcd15-89fa-4cc7-8516-6f107433b982"
},
{
"date": "2019-11-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-38870"
},
{
"date": "2019-09-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009521"
},
{
"date": "2019-08-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-918"
},
{
"date": "2019-09-17T20:15:12.203000",
"db": "NVD",
"id": "CVE-2019-6829"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-38870"
},
{
"date": "2019-09-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009521"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-918"
},
{
"date": "2024-11-21T04:47:14.157000",
"db": "NVD",
"id": "CVE-2019-6829"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-918"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Modicon M580 and Modicon M340 Vulnerabilities related to exceptional state handling",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009521"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "422fcd15-89fa-4cc7-8516-6f107433b982"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-918"
}
],
"trust": 0.8
}
}
var-201910-0576
Vulnerability from variot
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware (version prior to V3.10), Modicon M340 (all firmware versions), and Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the controller with an empty firmware package using FTP protocol. plural Modicon The product contains an exceptional condition handling vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The Modicon M580/M340/BMxCRA/140CRA are programmable logic controllers from Schneider Electric.
A denial of service vulnerability exists in the Schneider Electric Modicon M580/M340/BMxCRA/140CRA
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-0576",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon 140cra",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon bmxcra",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m580",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon 140cra",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon bmxcra",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon m340",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m580",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon bmxcra",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon 140cra",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m580",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m340",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon bmxcra",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon 140cra",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "7eaa68f9-e73a-4548-a0c9-a2eb041ec668"
},
{
"db": "CNVD",
"id": "CNVD-2019-41496"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011434"
},
{
"db": "NVD",
"id": "CVE-2019-6843"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_140cra_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_bmxcra_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m340_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m580_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011434"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Jared Rittle of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-414"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6843",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2019-6843",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-41496",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "7eaa68f9-e73a-4548-a0c9-a2eb041ec668",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.2,
"id": "CVE-2019-6843",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 4.9,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-6843",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6843",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-6843",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2019-41496",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-414",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7eaa68f9-e73a-4548-a0c9-a2eb041ec668",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7eaa68f9-e73a-4548-a0c9-a2eb041ec668"
},
{
"db": "CNVD",
"id": "CNVD-2019-41496"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011434"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-414"
},
{
"db": "NVD",
"id": "CVE-2019-6843"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware (version prior to V3.10), Modicon M340 (all firmware versions), and Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the controller with an empty firmware package using FTP protocol. plural Modicon The product contains an exceptional condition handling vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The Modicon M580/M340/BMxCRA/140CRA are programmable logic controllers from Schneider Electric. \n\nA denial of service vulnerability exists in the Schneider Electric Modicon M580/M340/BMxCRA/140CRA",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6843"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011434"
},
{
"db": "CNVD",
"id": "CNVD-2019-41496"
},
{
"db": "IVD",
"id": "7eaa68f9-e73a-4548-a0c9-a2eb041ec668"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6843",
"trust": 3.2
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-281-02",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2019-41496",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201910-414",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011434",
"trust": 0.8
},
{
"db": "TALOS",
"id": "TALOS-2019-0824",
"trust": 0.6
},
{
"db": "IVD",
"id": "7EAA68F9-E73A-4548-A0C9-A2EB041EC668",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "7eaa68f9-e73a-4548-a0c9-a2eb041ec668"
},
{
"db": "CNVD",
"id": "CNVD-2019-41496"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011434"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-414"
},
{
"db": "NVD",
"id": "CVE-2019-6843"
}
]
},
"id": "VAR-201910-0576",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7eaa68f9-e73a-4548-a0c9-a2eb041ec668"
},
{
"db": "CNVD",
"id": "CNVD-2019-41496"
}
],
"trust": 1.7978355000000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "7eaa68f9-e73a-4548-a0c9-a2eb041ec668"
},
{
"db": "CNVD",
"id": "CNVD-2019-41496"
}
]
},
"last_update_date": "2024-11-23T21:36:37.726000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-281-02",
"trust": 0.8,
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02"
},
{
"title": "Patch for Schneider Electric Modicon M580/M340/BMxCRA/140CRA Denial of Service Vulnerability (CNVD-2019-41496)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/190777"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41496"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011434"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-755",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011434"
},
{
"db": "NVD",
"id": "CVE-2019-6843"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6843"
},
{
"trust": 1.6,
"url": "https://www.se.com/ww/en/download/document/sevd-2019-281-02/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6843"
},
{
"trust": 0.6,
"url": "https://www.schneider-electric.com/ww/en/download/document/sevd-2019-281-02"
},
{
"trust": 0.6,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0824"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41496"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011434"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-414"
},
{
"db": "NVD",
"id": "CVE-2019-6843"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7eaa68f9-e73a-4548-a0c9-a2eb041ec668"
},
{
"db": "CNVD",
"id": "CNVD-2019-41496"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011434"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-414"
},
{
"db": "NVD",
"id": "CVE-2019-6843"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-20T00:00:00",
"db": "IVD",
"id": "7eaa68f9-e73a-4548-a0c9-a2eb041ec668"
},
{
"date": "2019-11-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41496"
},
{
"date": "2019-11-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011434"
},
{
"date": "2019-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-414"
},
{
"date": "2019-10-29T19:15:21.987000",
"db": "NVD",
"id": "CVE-2019-6843"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41496"
},
{
"date": "2019-11-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011434"
},
{
"date": "2021-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-414"
},
{
"date": "2024-11-21T04:47:15.820000",
"db": "NVD",
"id": "CVE-2019-6843"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-414"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Modicon Vulnerability in handling exceptional conditions in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011434"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "7eaa68f9-e73a-4548-a0c9-a2eb041ec668"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-414"
}
],
"trust": 0.8
}
}
var-201905-1045
Vulnerability from variot
A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause an elevation of privilege by conducting a brute force attack on Modbus parameters sent to the controller. plural Modicon The product contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M580 and other products are products of Schneider Electric (France). Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions.
Multiple Schneider Electric products have vulnerabilities in permissions and access control issues. An attacker could exploit this vulnerability through brute force to elevate privileges. The following products and versions are affected: Schneider Electric Modicon M580 (all versions); Modicon M340 (all versions); Modicon Quantum (all versions); Modicon Premium (all versions)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-1045",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon premium",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon quantum",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m580",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon premium plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon quantum plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon m340",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m580",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon premium",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon quantum",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m580",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m340",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon quantum",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon premium",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "0621b557-6182-4beb-bfa9-d91bbd70ed5b"
},
{
"db": "CNVD",
"id": "CNVD-2019-34831"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015484"
},
{
"db": "NVD",
"id": "CVE-2018-7842"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m340_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m580_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_premium_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_quantum_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015484"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Jared Rittle of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-916"
}
],
"trust": 0.6
},
"cve": "CVE-2018-7842",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-7842",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-34831",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "0621b557-6182-4beb-bfa9-d91bbd70ed5b",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-137874",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-7842",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-7842",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7842",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-7842",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-34831",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-916",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "0621b557-6182-4beb-bfa9-d91bbd70ed5b",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-137874",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-7842",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "0621b557-6182-4beb-bfa9-d91bbd70ed5b"
},
{
"db": "CNVD",
"id": "CNVD-2019-34831"
},
{
"db": "VULHUB",
"id": "VHN-137874"
},
{
"db": "VULMON",
"id": "CVE-2018-7842"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015484"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-916"
},
{
"db": "NVD",
"id": "CVE-2018-7842"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause an elevation of privilege by conducting a brute force attack on Modbus parameters sent to the controller. plural Modicon The product contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M580 and other products are products of Schneider Electric (France). Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. \n\nMultiple Schneider Electric products have vulnerabilities in permissions and access control issues. An attacker could exploit this vulnerability through brute force to elevate privileges. The following products and versions are affected: Schneider Electric Modicon M580 (all versions); Modicon M340 (all versions); Modicon Quantum (all versions); Modicon Premium (all versions)",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7842"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015484"
},
{
"db": "CNVD",
"id": "CNVD-2019-34831"
},
{
"db": "IVD",
"id": "0621b557-6182-4beb-bfa9-d91bbd70ed5b"
},
{
"db": "VULHUB",
"id": "VHN-137874"
},
{
"db": "VULMON",
"id": "CVE-2018-7842"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7842",
"trust": 3.4
},
{
"db": "TALOS",
"id": "TALOS-2018-0741",
"trust": 1.8
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-134-11",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-916",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-34831",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015484",
"trust": 0.8
},
{
"db": "IVD",
"id": "0621B557-6182-4BEB-BFA9-D91BBD70ED5B",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-137874",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-7842",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "0621b557-6182-4beb-bfa9-d91bbd70ed5b"
},
{
"db": "CNVD",
"id": "CNVD-2019-34831"
},
{
"db": "VULHUB",
"id": "VHN-137874"
},
{
"db": "VULMON",
"id": "CVE-2018-7842"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015484"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-916"
},
{
"db": "NVD",
"id": "CVE-2018-7842"
}
]
},
"id": "VAR-201905-1045",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "0621b557-6182-4beb-bfa9-d91bbd70ed5b"
},
{
"db": "CNVD",
"id": "CNVD-2019-34831"
},
{
"db": "VULHUB",
"id": "VHN-137874"
}
],
"trust": 1.8935065
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "0621b557-6182-4beb-bfa9-d91bbd70ed5b"
},
{
"db": "CNVD",
"id": "CNVD-2019-34831"
}
]
},
"last_update_date": "2024-11-23T21:52:12.845000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-134-11",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
},
{
"title": "CVE-2018-7842",
"trust": 0.1,
"url": "https://github.com/AlAIAL90/CVE-2018-7842 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-7842"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015484"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-290",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137874"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015484"
},
{
"db": "NVD",
"id": "CVE-2018-7842"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7842"
},
{
"trust": 1.8,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-134-11/"
},
{
"trust": 1.8,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2018-0741"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7842"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2018-0741"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/290.html"
},
{
"trust": 0.1,
"url": "https://github.com/alaial90/cve-2018-7842"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34831"
},
{
"db": "VULHUB",
"id": "VHN-137874"
},
{
"db": "VULMON",
"id": "CVE-2018-7842"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015484"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-916"
},
{
"db": "NVD",
"id": "CVE-2018-7842"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "0621b557-6182-4beb-bfa9-d91bbd70ed5b"
},
{
"db": "CNVD",
"id": "CNVD-2019-34831"
},
{
"db": "VULHUB",
"id": "VHN-137874"
},
{
"db": "VULMON",
"id": "CVE-2018-7842"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015484"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-916"
},
{
"db": "NVD",
"id": "CVE-2018-7842"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-12T00:00:00",
"db": "IVD",
"id": "0621b557-6182-4beb-bfa9-d91bbd70ed5b"
},
{
"date": "2019-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34831"
},
{
"date": "2019-05-22T00:00:00",
"db": "VULHUB",
"id": "VHN-137874"
},
{
"date": "2019-05-22T00:00:00",
"db": "VULMON",
"id": "CVE-2018-7842"
},
{
"date": "2019-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015484"
},
{
"date": "2019-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-916"
},
{
"date": "2019-05-22T20:29:01.557000",
"db": "NVD",
"id": "CVE-2018-7842"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34831"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-137874"
},
{
"date": "2022-02-03T00:00:00",
"db": "VULMON",
"id": "CVE-2018-7842"
},
{
"date": "2019-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015484"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-916"
},
{
"date": "2024-11-21T04:12:51.697000",
"db": "NVD",
"id": "CVE-2018-7842"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-916"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Modicon Vulnerabilities related to authorization, authority, and access control in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015484"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-916"
}
],
"trust": 0.6
}
}
var-202406-0502
Vulnerability from variot
CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may prevent user to update the device firmware and prevent proper behavior of the webserver when specific files or directories are removed from the filesystem. Schneider Electric of Modicon M340 firmware, BMXNOE0100 firmware, BMXNOE0110 Firmware contains vulnerabilities related to externally accessible files or directories.Information is tampered with and service operation is interrupted (DoS) It may be in a state. Schneider Electric Modicon M340 is a medium-range PLC (programmable logic controller) for industrial processes and infrastructure from Schneider Electric, a French company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202406-0502",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bmxnoe0110",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "bmxnoe0100",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0100",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0110",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon m340",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-29560"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-006466"
},
{
"db": "NVD",
"id": "CVE-2024-5056"
}
]
},
"cve": "CVE-2024-5056",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2024-29560",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2024-5056",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2024-5056",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-5056",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cybersecurity@se.com",
"id": "CVE-2024-5056",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2024-5056",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2024-29560",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-29560"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-006466"
},
{
"db": "NVD",
"id": "CVE-2024-5056"
},
{
"db": "NVD",
"id": "CVE-2024-5056"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may\nprevent user to update the device firmware and prevent proper behavior of the webserver when\nspecific files or directories are removed from the filesystem. Schneider Electric of Modicon M340 firmware, BMXNOE0100 firmware, BMXNOE0110 Firmware contains vulnerabilities related to externally accessible files or directories.Information is tampered with and service operation is interrupted (DoS) It may be in a state. Schneider Electric Modicon M340 is a medium-range PLC (programmable logic controller) for industrial processes and infrastructure from Schneider Electric, a French company",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-5056"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-006466"
},
{
"db": "CNVD",
"id": "CNVD-2024-29560"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-5056",
"trust": 3.2
},
{
"db": "SCHNEIDER",
"id": "SEVD-2024-163-01",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2024-006466",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-29560",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-29560"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-006466"
},
{
"db": "NVD",
"id": "CVE-2024-5056"
}
]
},
"id": "VAR-202406-0502",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-29560"
}
],
"trust": 1.5935065
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-29560"
}
]
},
"last_update_date": "2024-08-27T23:03:27.425000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Schneider Electric Modicon M340 Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/563691"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-29560"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-552",
"trust": 1.0
},
{
"problemtype": "Externally accessible file or directory (CWE-552) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-006466"
},
{
"db": "NVD",
"id": "CVE-2024-5056"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2024-163-01\u0026p_endoctype=security+and+safety+notice\u0026p_file_name=sevd-2024-163-01.pdf"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-5056"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-29560"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-006466"
},
{
"db": "NVD",
"id": "CVE-2024-5056"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-29560"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-006466"
},
{
"db": "NVD",
"id": "CVE-2024-5056"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-06-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-29560"
},
{
"date": "2024-08-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-006466"
},
{
"date": "2024-06-12T12:15:10.233000",
"db": "NVD",
"id": "CVE-2024-5056"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-06-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-29560"
},
{
"date": "2024-08-26T04:43:00",
"db": "JVNDB",
"id": "JVNDB-2024-006466"
},
{
"date": "2024-08-23T16:04:14.643000",
"db": "NVD",
"id": "CVE-2024-5056"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Schneider\u00a0Electric\u00a0 Vulnerabilities related to externally accessible files or directories in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-006466"
}
],
"trust": 0.8
}
}
var-201905-1038
Vulnerability from variot
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible denial of Service when writing invalid memory blocks to the controller over Modbus. plural Modicon The product contains an exceptional condition check vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M580, etc. are all products of French Schneider Electric (Schneider Electric). The Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. A security vulnerability exists in several Schneider Electric products. An attacker could exploit this vulnerability to cause a denial of service. The following products and versions are affected: Schneider Electric Modicon M580 (all versions); Modicon M340 (all versions); Modicon Quantum (all versions); Modicon Premium (all versions)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-1038",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon quantum",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon premium",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.10"
},
{
"model": "modicon m580",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.90"
},
{
"model": "modicon m340",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon premium plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon quantum plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015466"
},
{
"db": "NVD",
"id": "CVE-2018-7856"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m340_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m580_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_premium_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_quantum_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015466"
}
]
},
"cve": "CVE-2018-7856",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-7856",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-137888",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-7856",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-7856",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7856",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-7856",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-941",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-137888",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-7856",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137888"
},
{
"db": "VULMON",
"id": "CVE-2018-7856"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015466"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-941"
},
{
"db": "NVD",
"id": "CVE-2018-7856"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible denial of Service when writing invalid memory blocks to the controller over Modbus. plural Modicon The product contains an exceptional condition check vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M580, etc. are all products of French Schneider Electric (Schneider Electric). The Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. A security vulnerability exists in several Schneider Electric products. An attacker could exploit this vulnerability to cause a denial of service. The following products and versions are affected: Schneider Electric Modicon M580 (all versions); Modicon M340 (all versions); Modicon Quantum (all versions); Modicon Premium (all versions)",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7856"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015466"
},
{
"db": "VULHUB",
"id": "VHN-137888"
},
{
"db": "VULMON",
"id": "CVE-2018-7856"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7856",
"trust": 2.6
},
{
"db": "TALOS",
"id": "TALOS-2019-0767",
"trust": 1.8
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-134-11",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015466",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-941",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-137888",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-7856",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137888"
},
{
"db": "VULMON",
"id": "CVE-2018-7856"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015466"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-941"
},
{
"db": "NVD",
"id": "CVE-2018-7856"
}
]
},
"id": "VAR-201905-1038",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-137888"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:52:16.584000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-134-11",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
},
{
"title": "QuickPcap",
"trust": 0.1,
"url": "https://github.com/amit-raut/QuickPcap "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-7856"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015466"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-754",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137888"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015466"
},
{
"db": "NVD",
"id": "CVE-2018-7856"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-134-11/"
},
{
"trust": 1.8,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0767"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7856"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7856"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0767"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/754.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/amit-raut/quickpcap"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137888"
},
{
"db": "VULMON",
"id": "CVE-2018-7856"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015466"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-941"
},
{
"db": "NVD",
"id": "CVE-2018-7856"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-137888"
},
{
"db": "VULMON",
"id": "CVE-2018-7856"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015466"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-941"
},
{
"db": "NVD",
"id": "CVE-2018-7856"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-22T00:00:00",
"db": "VULHUB",
"id": "VHN-137888"
},
{
"date": "2019-05-22T00:00:00",
"db": "VULMON",
"id": "CVE-2018-7856"
},
{
"date": "2019-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015466"
},
{
"date": "2019-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-941"
},
{
"date": "2019-05-22T21:29:00.527000",
"db": "NVD",
"id": "CVE-2018-7856"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-11T00:00:00",
"db": "VULHUB",
"id": "VHN-137888"
},
{
"date": "2019-06-11T00:00:00",
"db": "VULMON",
"id": "CVE-2018-7856"
},
{
"date": "2019-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015466"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-941"
},
{
"date": "2024-11-21T04:12:53.270000",
"db": "NVD",
"id": "CVE-2018-7856"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-941"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Modicon Vulnerability related to exceptional condition checking in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015466"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-941"
}
],
"trust": 0.6
}
}
var-201905-0042
Vulnerability from variot
A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading variables in the controller using Modbus. plural Modicon The product contains an information disclosure vulnerability.Information may be obtained. Schneider Electric Modicon M580 and others are products of Schneider Electric, France. The Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. This vulnerability stems from configuration errors in network systems or products during operation. The following products and versions are affected: Schneider Electric Modicon M580 (all versions); Modicon M340 (all versions); Modicon Quantum (all versions); Modicon Premium (all versions)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0042",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon quantum",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon premium",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.10"
},
{
"model": "modicon m580",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.90"
},
{
"model": "modicon m340",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon premium plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon quantum plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon m340",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon premium",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon quantum",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m580",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon premium",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon quantum",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m340",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m580",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "262ff5a7-e7f0-4962-8aee-f3602ad478ed"
},
{
"db": "CNVD",
"id": "CNVD-2019-15331"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004753"
},
{
"db": "NVD",
"id": "CVE-2019-6806"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m340_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m580_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_premium_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_quantum_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004753"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Jared Rittle of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-943"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6806",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-6806",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-15331",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "262ff5a7-e7f0-4962-8aee-f3602ad478ed",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-158241",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-6806",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-6806",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6806",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-6806",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-15331",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-943",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "262ff5a7-e7f0-4962-8aee-f3602ad478ed",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-158241",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "262ff5a7-e7f0-4962-8aee-f3602ad478ed"
},
{
"db": "CNVD",
"id": "CNVD-2019-15331"
},
{
"db": "VULHUB",
"id": "VHN-158241"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004753"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-943"
},
{
"db": "NVD",
"id": "CVE-2019-6806"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading variables in the controller using Modbus. plural Modicon The product contains an information disclosure vulnerability.Information may be obtained. Schneider Electric Modicon M580 and others are products of Schneider Electric, France. The Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. This vulnerability stems from configuration errors in network systems or products during operation. The following products and versions are affected: Schneider Electric Modicon M580 (all versions); Modicon M340 (all versions); Modicon Quantum (all versions); Modicon Premium (all versions)",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6806"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004753"
},
{
"db": "CNVD",
"id": "CNVD-2019-15331"
},
{
"db": "IVD",
"id": "262ff5a7-e7f0-4962-8aee-f3602ad478ed"
},
{
"db": "VULHUB",
"id": "VHN-158241"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6806",
"trust": 3.3
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-134-11",
"trust": 2.3
},
{
"db": "TALOS",
"id": "TALOS-2019-0769",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201905-943",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-15331",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004753",
"trust": 0.8
},
{
"db": "IVD",
"id": "262FF5A7-E7F0-4962-8AEE-F3602AD478ED",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-158241",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "262ff5a7-e7f0-4962-8aee-f3602ad478ed"
},
{
"db": "CNVD",
"id": "CNVD-2019-15331"
},
{
"db": "VULHUB",
"id": "VHN-158241"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004753"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-943"
},
{
"db": "NVD",
"id": "CVE-2019-6806"
}
]
},
"id": "VAR-201905-0042",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "262ff5a7-e7f0-4962-8aee-f3602ad478ed"
},
{
"db": "CNVD",
"id": "CNVD-2019-15331"
},
{
"db": "VULHUB",
"id": "VHN-158241"
}
],
"trust": 1.8935065
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "262ff5a7-e7f0-4962-8aee-f3602ad478ed"
},
{
"db": "CNVD",
"id": "CNVD-2019-15331"
}
]
},
"last_update_date": "2024-11-23T21:52:12.462000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-134-11",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004753"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-200",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158241"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004753"
},
{
"db": "NVD",
"id": "CVE-2019-6806"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-134-11/"
},
{
"trust": 1.7,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0769"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6806"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6806"
},
{
"trust": 0.6,
"url": "https://web.nvd.nist.gov//vuln/detail/cve-2019-6806"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0769"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-15331"
},
{
"db": "VULHUB",
"id": "VHN-158241"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004753"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-943"
},
{
"db": "NVD",
"id": "CVE-2019-6806"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "262ff5a7-e7f0-4962-8aee-f3602ad478ed"
},
{
"db": "CNVD",
"id": "CNVD-2019-15331"
},
{
"db": "VULHUB",
"id": "VHN-158241"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004753"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-943"
},
{
"db": "NVD",
"id": "CVE-2019-6806"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-24T00:00:00",
"db": "IVD",
"id": "262ff5a7-e7f0-4962-8aee-f3602ad478ed"
},
{
"date": "2019-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-15331"
},
{
"date": "2019-05-22T00:00:00",
"db": "VULHUB",
"id": "VHN-158241"
},
{
"date": "2019-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004753"
},
{
"date": "2019-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-943"
},
{
"date": "2019-05-22T21:29:00.603000",
"db": "NVD",
"id": "CVE-2019-6806"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-15331"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-158241"
},
{
"date": "2019-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004753"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-943"
},
{
"date": "2024-11-21T04:47:11.773000",
"db": "NVD",
"id": "CVE-2019-6806"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-943"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Modicon Information disclosure vulnerability in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004753"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-943"
}
],
"trust": 0.6
}
}
var-201905-0029
Vulnerability from variot
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible denial of service when writing sensitive application variables to the controller over Modbus. plural Modicon The product contains an exceptional condition check vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M580 and others are products of Schneider Electric, France. The Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. Security vulnerabilities exist in several Schneider Electric products. An attacker could exploit the vulnerability to cause a denial of service. The following products and versions are affected: Schneider Electric Modicon M580 (all versions); Modicon M340 (all versions); Modicon Quantum (all versions); Modicon Premium (all versions)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0029",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon m580",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.90"
},
{
"model": "modicon m340",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.10"
},
{
"model": "modicon quantum",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon premium",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon premium plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon quantum plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon m580",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m340",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon quantum",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon premium",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon premium",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon quantum",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m340",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m580",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "562eb6c3-7bbb-4373-89a4-8e0d764ad4ae"
},
{
"db": "CNVD",
"id": "CNVD-2019-15737"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004754"
},
{
"db": "NVD",
"id": "CVE-2019-6807"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m340_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m580_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_premium_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_quantum_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004754"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Jared Rittle of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-944"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6807",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-6807",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-15737",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "562eb6c3-7bbb-4373-89a4-8e0d764ad4ae",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-158242",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-6807",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-6807",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6807",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-6807",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-15737",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-944",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "562eb6c3-7bbb-4373-89a4-8e0d764ad4ae",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-158242",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-6807",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "562eb6c3-7bbb-4373-89a4-8e0d764ad4ae"
},
{
"db": "CNVD",
"id": "CNVD-2019-15737"
},
{
"db": "VULHUB",
"id": "VHN-158242"
},
{
"db": "VULMON",
"id": "CVE-2019-6807"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004754"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-944"
},
{
"db": "NVD",
"id": "CVE-2019-6807"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible denial of service when writing sensitive application variables to the controller over Modbus. plural Modicon The product contains an exceptional condition check vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M580 and others are products of Schneider Electric, France. The Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. Security vulnerabilities exist in several Schneider Electric products. An attacker could exploit the vulnerability to cause a denial of service. The following products and versions are affected: Schneider Electric Modicon M580 (all versions); Modicon M340 (all versions); Modicon Quantum (all versions); Modicon Premium (all versions)",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6807"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004754"
},
{
"db": "CNVD",
"id": "CNVD-2019-15737"
},
{
"db": "IVD",
"id": "562eb6c3-7bbb-4373-89a4-8e0d764ad4ae"
},
{
"db": "VULHUB",
"id": "VHN-158242"
},
{
"db": "VULMON",
"id": "CVE-2019-6807"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6807",
"trust": 3.4
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-134-11",
"trust": 1.8
},
{
"db": "TALOS",
"id": "TALOS-2019-0770",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-944",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-15737",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004754",
"trust": 0.8
},
{
"db": "IVD",
"id": "562EB6C3-7BBB-4373-89A4-8E0D764AD4AE",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-158242",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-6807",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "562eb6c3-7bbb-4373-89a4-8e0d764ad4ae"
},
{
"db": "CNVD",
"id": "CNVD-2019-15737"
},
{
"db": "VULHUB",
"id": "VHN-158242"
},
{
"db": "VULMON",
"id": "CVE-2019-6807"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004754"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-944"
},
{
"db": "NVD",
"id": "CVE-2019-6807"
}
]
},
"id": "VAR-201905-0029",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "562eb6c3-7bbb-4373-89a4-8e0d764ad4ae"
},
{
"db": "CNVD",
"id": "CNVD-2019-15737"
},
{
"db": "VULHUB",
"id": "VHN-158242"
}
],
"trust": 1.8935065
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "562eb6c3-7bbb-4373-89a4-8e0d764ad4ae"
},
{
"db": "CNVD",
"id": "CNVD-2019-15737"
}
]
},
"last_update_date": "2024-11-23T21:52:12.600000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-134-11",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004754"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-755",
"trust": 1.0
},
{
"problemtype": "CWE-754",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158242"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004754"
},
{
"db": "NVD",
"id": "CVE-2019-6807"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-134-11/"
},
{
"trust": 1.8,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0770"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6807"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6807"
},
{
"trust": 0.6,
"url": "https://web.nvd.nist.gov//vuln/detail/cve-2019-6807"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0770"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/755.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-15737"
},
{
"db": "VULHUB",
"id": "VHN-158242"
},
{
"db": "VULMON",
"id": "CVE-2019-6807"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004754"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-944"
},
{
"db": "NVD",
"id": "CVE-2019-6807"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "562eb6c3-7bbb-4373-89a4-8e0d764ad4ae"
},
{
"db": "CNVD",
"id": "CNVD-2019-15737"
},
{
"db": "VULHUB",
"id": "VHN-158242"
},
{
"db": "VULMON",
"id": "CVE-2019-6807"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004754"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-944"
},
{
"db": "NVD",
"id": "CVE-2019-6807"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-29T00:00:00",
"db": "IVD",
"id": "562eb6c3-7bbb-4373-89a4-8e0d764ad4ae"
},
{
"date": "2019-05-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-15737"
},
{
"date": "2019-05-22T00:00:00",
"db": "VULHUB",
"id": "VHN-158242"
},
{
"date": "2019-05-22T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6807"
},
{
"date": "2019-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004754"
},
{
"date": "2019-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-944"
},
{
"date": "2019-05-22T21:29:00.667000",
"db": "NVD",
"id": "CVE-2019-6807"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-15737"
},
{
"date": "2019-06-10T00:00:00",
"db": "VULHUB",
"id": "VHN-158242"
},
{
"date": "2022-02-03T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6807"
},
{
"date": "2019-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004754"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-944"
},
{
"date": "2024-11-21T04:47:11.900000",
"db": "NVD",
"id": "CVE-2019-6807"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-944"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Modicon Vulnerability related to exceptional condition checking in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004754"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code problem",
"sources": [
{
"db": "IVD",
"id": "562eb6c3-7bbb-4373-89a4-8e0d764ad4ae"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-944"
}
],
"trust": 0.8
}
}
var-201905-1047
Vulnerability from variot
A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading memory blocks from the controller over Modbus. plural Modicon The product contains an information disclosure vulnerability.Information may be obtained. Schneider Electric Modicon M580 and others are products of Schneider Electric, France. The Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-1047",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon quantum",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m580",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon premium",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon premium plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon quantum plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon m580",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m340",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon quantum",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon premium",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon premium",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon quantum",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m340",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m580",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "0f067671-d435-462b-a7c3-acb4bebf34b6"
},
{
"db": "CNVD",
"id": "CNVD-2019-15330"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015469"
},
{
"db": "NVD",
"id": "CVE-2018-7844"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m340_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m580_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_premium_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_quantum_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015469"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Jared Rittle of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-936"
}
],
"trust": 0.6
},
"cve": "CVE-2018-7844",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-7844",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-15330",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "0f067671-d435-462b-a7c3-acb4bebf34b6",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-137876",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-7844",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-7844",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7844",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-7844",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-15330",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-936",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "0f067671-d435-462b-a7c3-acb4bebf34b6",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-137876",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-7844",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "0f067671-d435-462b-a7c3-acb4bebf34b6"
},
{
"db": "CNVD",
"id": "CNVD-2019-15330"
},
{
"db": "VULHUB",
"id": "VHN-137876"
},
{
"db": "VULMON",
"id": "CVE-2018-7844"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015469"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-936"
},
{
"db": "NVD",
"id": "CVE-2018-7844"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading memory blocks from the controller over Modbus. plural Modicon The product contains an information disclosure vulnerability.Information may be obtained. Schneider Electric Modicon M580 and others are products of Schneider Electric, France. The Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7844"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015469"
},
{
"db": "CNVD",
"id": "CNVD-2019-15330"
},
{
"db": "IVD",
"id": "0f067671-d435-462b-a7c3-acb4bebf34b6"
},
{
"db": "VULHUB",
"id": "VHN-137876"
},
{
"db": "VULMON",
"id": "CVE-2018-7844"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7844",
"trust": 3.4
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-134-11",
"trust": 2.4
},
{
"db": "TALOS",
"id": "TALOS-2018-0739",
"trust": 1.8
},
{
"db": "CNVD",
"id": "CNVD-2019-15330",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-936",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015469",
"trust": 0.8
},
{
"db": "IVD",
"id": "0F067671-D435-462B-A7C3-ACB4BEBF34B6",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-137876",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-7844",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "0f067671-d435-462b-a7c3-acb4bebf34b6"
},
{
"db": "CNVD",
"id": "CNVD-2019-15330"
},
{
"db": "VULHUB",
"id": "VHN-137876"
},
{
"db": "VULMON",
"id": "CVE-2018-7844"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015469"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-936"
},
{
"db": "NVD",
"id": "CVE-2018-7844"
}
]
},
"id": "VAR-201905-1047",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "0f067671-d435-462b-a7c3-acb4bebf34b6"
},
{
"db": "CNVD",
"id": "CNVD-2019-15330"
},
{
"db": "VULHUB",
"id": "VHN-137876"
}
],
"trust": 1.8935065
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "0f067671-d435-462b-a7c3-acb4bebf34b6"
},
{
"db": "CNVD",
"id": "CNVD-2019-15330"
}
]
},
"last_update_date": "2024-11-23T21:52:16.431000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-134-11",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/yanissec/CVE-2018-7844 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-7844"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015469"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137876"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015469"
},
{
"db": "NVD",
"id": "CVE-2018-7844"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-134-11/"
},
{
"trust": 1.8,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2018-0739"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7844"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7844"
},
{
"trust": 0.6,
"url": "https://web.nvd.nist.gov//vuln/detail/cve-2018-7844"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2018-0739"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://github.com/yanissec/cve-2018-7844"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-15330"
},
{
"db": "VULHUB",
"id": "VHN-137876"
},
{
"db": "VULMON",
"id": "CVE-2018-7844"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015469"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-936"
},
{
"db": "NVD",
"id": "CVE-2018-7844"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "0f067671-d435-462b-a7c3-acb4bebf34b6"
},
{
"db": "CNVD",
"id": "CNVD-2019-15330"
},
{
"db": "VULHUB",
"id": "VHN-137876"
},
{
"db": "VULMON",
"id": "CVE-2018-7844"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015469"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-936"
},
{
"db": "NVD",
"id": "CVE-2018-7844"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-24T00:00:00",
"db": "IVD",
"id": "0f067671-d435-462b-a7c3-acb4bebf34b6"
},
{
"date": "2019-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-15330"
},
{
"date": "2019-05-22T00:00:00",
"db": "VULHUB",
"id": "VHN-137876"
},
{
"date": "2019-05-22T00:00:00",
"db": "VULMON",
"id": "CVE-2018-7844"
},
{
"date": "2019-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015469"
},
{
"date": "2019-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-936"
},
{
"date": "2019-05-22T21:29:00.323000",
"db": "NVD",
"id": "CVE-2018-7844"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-15330"
},
{
"date": "2019-06-10T00:00:00",
"db": "VULHUB",
"id": "VHN-137876"
},
{
"date": "2022-02-03T00:00:00",
"db": "VULMON",
"id": "CVE-2018-7844"
},
{
"date": "2019-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015469"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-936"
},
{
"date": "2024-11-21T04:12:51.913000",
"db": "NVD",
"id": "CVE-2018-7844"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-936"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Modicon Information disclosure vulnerability in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015469"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-936"
}
],
"trust": 0.6
}
}
var-201905-1036
Vulnerability from variot
A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a denial of Service when sending invalid debug parameters to the controller over Modbus. plural Modicon The product contains an exceptional condition check vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M580 and others are products of Schneider Electric, France. The Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. Security vulnerabilities exist in several Schneider Electric products. An attacker could exploit the vulnerability to cause a denial of service. The following products and versions are affected: Schneider Electric Modicon M580 (all versions); Modicon M340 (all versions); Modicon Quantum (all versions); Modicon Premium (all versions)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-1036",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon m580",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.90"
},
{
"model": "modicon m340",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.10"
},
{
"model": "modicon quantum",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon premium",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon premium plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon quantum plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon m580",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m340",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon quantum",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon premium",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon premium",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon quantum",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m340",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m580",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "3cdbe18d-fca0-40c5-8013-d3b979754d45"
},
{
"db": "CNVD",
"id": "CNVD-2019-15744"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015464"
},
{
"db": "NVD",
"id": "CVE-2018-7854"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m340_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m580_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_premium_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_quantum_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015464"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Jared Rittle of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-938"
}
],
"trust": 0.6
},
"cve": "CVE-2018-7854",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-7854",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-15744",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "3cdbe18d-fca0-40c5-8013-d3b979754d45",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-137886",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-7854",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-7854",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7854",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-7854",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-15744",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-938",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "3cdbe18d-fca0-40c5-8013-d3b979754d45",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-137886",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-7854",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "3cdbe18d-fca0-40c5-8013-d3b979754d45"
},
{
"db": "CNVD",
"id": "CNVD-2019-15744"
},
{
"db": "VULHUB",
"id": "VHN-137886"
},
{
"db": "VULMON",
"id": "CVE-2018-7854"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015464"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-938"
},
{
"db": "NVD",
"id": "CVE-2018-7854"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a denial of Service when sending invalid debug parameters to the controller over Modbus. plural Modicon The product contains an exceptional condition check vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M580 and others are products of Schneider Electric, France. The Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. Security vulnerabilities exist in several Schneider Electric products. An attacker could exploit the vulnerability to cause a denial of service. The following products and versions are affected: Schneider Electric Modicon M580 (all versions); Modicon M340 (all versions); Modicon Quantum (all versions); Modicon Premium (all versions)",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7854"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015464"
},
{
"db": "CNVD",
"id": "CNVD-2019-15744"
},
{
"db": "IVD",
"id": "3cdbe18d-fca0-40c5-8013-d3b979754d45"
},
{
"db": "VULHUB",
"id": "VHN-137886"
},
{
"db": "VULMON",
"id": "CVE-2018-7854"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7854",
"trust": 3.4
},
{
"db": "TALOS",
"id": "TALOS-2019-0765",
"trust": 1.8
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-134-11",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-938",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-15744",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015464",
"trust": 0.8
},
{
"db": "IVD",
"id": "3CDBE18D-FCA0-40C5-8013-D3B979754D45",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-137886",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-7854",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "3cdbe18d-fca0-40c5-8013-d3b979754d45"
},
{
"db": "CNVD",
"id": "CNVD-2019-15744"
},
{
"db": "VULHUB",
"id": "VHN-137886"
},
{
"db": "VULMON",
"id": "CVE-2018-7854"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015464"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-938"
},
{
"db": "NVD",
"id": "CVE-2018-7854"
}
]
},
"id": "VAR-201905-1036",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "3cdbe18d-fca0-40c5-8013-d3b979754d45"
},
{
"db": "CNVD",
"id": "CNVD-2019-15744"
},
{
"db": "VULHUB",
"id": "VHN-137886"
}
],
"trust": 1.8935065
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "3cdbe18d-fca0-40c5-8013-d3b979754d45"
},
{
"db": "CNVD",
"id": "CNVD-2019-15744"
}
]
},
"last_update_date": "2024-11-23T21:52:12.562000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-134-11",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/yanissec/CVE-2018-7854 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-7854"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015464"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-754",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137886"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015464"
},
{
"db": "NVD",
"id": "CVE-2018-7854"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-134-11/"
},
{
"trust": 1.8,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0765"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7854"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7854"
},
{
"trust": 0.6,
"url": "https://web.nvd.nist.gov//vuln/detail/cve-2018-7854"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0765"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/754.html"
},
{
"trust": 0.1,
"url": "https://github.com/yanissec/cve-2018-7854"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-15744"
},
{
"db": "VULHUB",
"id": "VHN-137886"
},
{
"db": "VULMON",
"id": "CVE-2018-7854"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015464"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-938"
},
{
"db": "NVD",
"id": "CVE-2018-7854"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "3cdbe18d-fca0-40c5-8013-d3b979754d45"
},
{
"db": "CNVD",
"id": "CNVD-2019-15744"
},
{
"db": "VULHUB",
"id": "VHN-137886"
},
{
"db": "VULMON",
"id": "CVE-2018-7854"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015464"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-938"
},
{
"db": "NVD",
"id": "CVE-2018-7854"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-29T00:00:00",
"db": "IVD",
"id": "3cdbe18d-fca0-40c5-8013-d3b979754d45"
},
{
"date": "2019-05-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-15744"
},
{
"date": "2019-05-22T00:00:00",
"db": "VULHUB",
"id": "VHN-137886"
},
{
"date": "2019-05-22T00:00:00",
"db": "VULMON",
"id": "CVE-2018-7854"
},
{
"date": "2019-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015464"
},
{
"date": "2019-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-938"
},
{
"date": "2019-05-22T21:29:00.447000",
"db": "NVD",
"id": "CVE-2018-7854"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-15744"
},
{
"date": "2019-06-10T00:00:00",
"db": "VULHUB",
"id": "VHN-137886"
},
{
"date": "2022-02-03T00:00:00",
"db": "VULMON",
"id": "CVE-2018-7854"
},
{
"date": "2019-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015464"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-938"
},
{
"date": "2024-11-21T04:12:53.053000",
"db": "NVD",
"id": "CVE-2018-7854"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-938"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Modicon Vulnerability related to exceptional condition checking in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015464"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code problem",
"sources": [
{
"db": "IVD",
"id": "3cdbe18d-fca0-40c5-8013-d3b979754d45"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-938"
}
],
"trust": 0.8
}
}
var-201905-0037
Vulnerability from variot
CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum. plural Modicon The product contains a vulnerability related to the use of insufficient random values.Information may be obtained. Schneider Electric Modicon M580 and others are products of Schneider Electric, France. The Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. There are insufficient random value exploits in Modicon M580/M340/Premium/Quantum. An attacker could exploit this vulnerability to implement TCP connection hijacking when using Ethernet communications. An attacker can exploit this issue to bypass certain security restrictions, obtain sensitive information and perform unauthorized actions; this may aid in launching further attacks. The following Schneider Electric Modicon products are vulnerable: Modicon M580 versions prior to 2.30 Modicon M340 Modicon Premium Modicon Quantum. This vulnerability is due to the lack of security measures such as authentication, access control, and rights management in network systems or products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0037",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon m580",
"scope": "lt",
"trust": 1.8,
"vendor": "schneider electric",
"version": "2.30"
},
{
"model": "modicon quantum",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon premium",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon premium plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon quantum plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon m340",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon quantum",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon premium",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m580",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "v2.30"
},
{
"model": "modicon quantum",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "modicon premium",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "modicon m580",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2.20"
},
{
"model": "modicon m340",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "modicon m580",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2.80"
},
{
"model": "modicon m580",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2.30"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m580",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m340",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon quantum",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon premium",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "264dd250-479d-4b77-9e34-bb3459e250d0"
},
{
"db": "CNVD",
"id": "CNVD-2019-15888"
},
{
"db": "BID",
"id": "108366"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004760"
},
{
"db": "NVD",
"id": "CVE-2019-6821"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m340_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m580_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_premium_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_quantum_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004760"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "David Formby \u0026 Raheem Beyah of Fortiphyd Logic and Georgia Tech.",
"sources": [
{
"db": "BID",
"id": "108366"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-798"
}
],
"trust": 0.9
},
"cve": "CVE-2019-6821",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-6821",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-6821",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-15888",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "264dd250-479d-4b77-9e34-bb3459e250d0",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-158256",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2019-6821",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-6821",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6821",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-6821",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-15888",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-798",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "264dd250-479d-4b77-9e34-bb3459e250d0",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-158256",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "264dd250-479d-4b77-9e34-bb3459e250d0"
},
{
"db": "CNVD",
"id": "CNVD-2019-15888"
},
{
"db": "VULHUB",
"id": "VHN-158256"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004760"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-798"
},
{
"db": "NVD",
"id": "CVE-2019-6821"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum. plural Modicon The product contains a vulnerability related to the use of insufficient random values.Information may be obtained. Schneider Electric Modicon M580 and others are products of Schneider Electric, France. The Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. There are insufficient random value exploits in Modicon M580/M340/Premium/Quantum. An attacker could exploit this vulnerability to implement TCP connection hijacking when using Ethernet communications. \nAn attacker can exploit this issue to bypass certain security restrictions, obtain sensitive information and perform unauthorized actions; this may aid in launching further attacks. \nThe following Schneider Electric Modicon products are vulnerable:\nModicon M580 versions prior to 2.30\nModicon M340\nModicon Premium\nModicon Quantum. This vulnerability is due to the lack of security measures such as authentication, access control, and rights management in network systems or products",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6821"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004760"
},
{
"db": "CNVD",
"id": "CNVD-2019-15888"
},
{
"db": "BID",
"id": "108366"
},
{
"db": "IVD",
"id": "264dd250-479d-4b77-9e34-bb3459e250d0"
},
{
"db": "VULHUB",
"id": "VHN-158256"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6821",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-19-136-01",
"trust": 2.8
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-134-03",
"trust": 2.0
},
{
"db": "BID",
"id": "108366",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201905-798",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-15888",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004760",
"trust": 0.8
},
{
"db": "IVD",
"id": "264DD250-479D-4B77-9E34-BB3459E250D0",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-158256",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "264dd250-479d-4b77-9e34-bb3459e250d0"
},
{
"db": "CNVD",
"id": "CNVD-2019-15888"
},
{
"db": "VULHUB",
"id": "VHN-158256"
},
{
"db": "BID",
"id": "108366"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004760"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-798"
},
{
"db": "NVD",
"id": "CVE-2019-6821"
}
]
},
"id": "VAR-201905-0037",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "264dd250-479d-4b77-9e34-bb3459e250d0"
},
{
"db": "CNVD",
"id": "CNVD-2019-15888"
},
{
"db": "VULHUB",
"id": "VHN-158256"
}
],
"trust": 1.8935065
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "264dd250-479d-4b77-9e34-bb3459e250d0"
},
{
"db": "CNVD",
"id": "CNVD-2019-15888"
}
]
},
"last_update_date": "2024-11-23T22:33:56.183000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-134-03",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-03/"
},
{
"title": "Modicon M580/M340/Premium/Quantum patch with insufficient random value exploits",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/162385"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-15888"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004760"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-330",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158256"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004760"
},
{
"db": "NVD",
"id": "CVE-2019-6821"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/108366"
},
{
"trust": 2.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-136-01"
},
{
"trust": 1.7,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-134-03/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6821"
},
{
"trust": 0.9,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
},
{
"trust": 0.9,
"url": "https://download.schneider-electric.com/files?p_endoctype=technical+leaflet\u0026p_file_name=sevd-2019-134-03+-+modicon+controller.pdf\u0026p_doc_ref=sevd-2019-134-03"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6821"
},
{
"trust": 0.8,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-136-01"
},
{
"trust": 0.6,
"url": "https://web.nvd.nist.gov//vuln/detail/cve-2019-6821"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-15888"
},
{
"db": "VULHUB",
"id": "VHN-158256"
},
{
"db": "BID",
"id": "108366"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004760"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-798"
},
{
"db": "NVD",
"id": "CVE-2019-6821"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "264dd250-479d-4b77-9e34-bb3459e250d0"
},
{
"db": "CNVD",
"id": "CNVD-2019-15888"
},
{
"db": "VULHUB",
"id": "VHN-158256"
},
{
"db": "BID",
"id": "108366"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004760"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-798"
},
{
"db": "NVD",
"id": "CVE-2019-6821"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-30T00:00:00",
"db": "IVD",
"id": "264dd250-479d-4b77-9e34-bb3459e250d0"
},
{
"date": "2019-05-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-15888"
},
{
"date": "2019-05-22T00:00:00",
"db": "VULHUB",
"id": "VHN-158256"
},
{
"date": "2019-05-14T00:00:00",
"db": "BID",
"id": "108366"
},
{
"date": "2019-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004760"
},
{
"date": "2019-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-798"
},
{
"date": "2019-05-22T20:29:02.183000",
"db": "NVD",
"id": "CVE-2019-6821"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-15888"
},
{
"date": "2019-06-17T00:00:00",
"db": "VULHUB",
"id": "VHN-158256"
},
{
"date": "2019-05-14T00:00:00",
"db": "BID",
"id": "108366"
},
{
"date": "2019-07-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004760"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-798"
},
{
"date": "2024-11-21T04:47:13.233000",
"db": "NVD",
"id": "CVE-2019-6821"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-798"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Modicon Vulnerabilities related to insufficient random values in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004760"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "security feature problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-798"
}
],
"trust": 0.6
}
}
var-201905-1031
Vulnerability from variot
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause a possible Denial of Service due to improper data integrity check when sending files the controller over Modbus. plural Modicon The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M580 and other products are products of Schneider Electric (France). Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions.
Several Schneider Electric products have input validation error vulnerabilities. An attacker could use this vulnerability to cause a denial of service. The following products and versions are affected: Schneider Electric Modicon M580 (all versions); Modicon M340 (all versions); Modicon Quantum (all versions); Modicon Premium (all versions)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-1031",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon premium",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon quantum",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m580",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon premium plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon quantum plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon m340",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m580",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon premium",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon quantum",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m580",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m340",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon quantum",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon premium",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "b64fc880-1acf-4ff9-b621-6d507dd1fedf"
},
{
"db": "CNVD",
"id": "CNVD-2019-34827"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015476"
},
{
"db": "NVD",
"id": "CVE-2018-7849"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m340_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m580_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_premium_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_quantum_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015476"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Jared Rittle of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-922"
}
],
"trust": 0.6
},
"cve": "CVE-2018-7849",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-7849",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-34827",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "b64fc880-1acf-4ff9-b621-6d507dd1fedf",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-137881",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-7849",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-7849",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7849",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-7849",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-34827",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-922",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "b64fc880-1acf-4ff9-b621-6d507dd1fedf",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-137881",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-7849",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b64fc880-1acf-4ff9-b621-6d507dd1fedf"
},
{
"db": "CNVD",
"id": "CNVD-2019-34827"
},
{
"db": "VULHUB",
"id": "VHN-137881"
},
{
"db": "VULMON",
"id": "CVE-2018-7849"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015476"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-922"
},
{
"db": "NVD",
"id": "CVE-2018-7849"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause a possible Denial of Service due to improper data integrity check when sending files the controller over Modbus. plural Modicon The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M580 and other products are products of Schneider Electric (France). Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. \n\nSeveral Schneider Electric products have input validation error vulnerabilities. An attacker could use this vulnerability to cause a denial of service. The following products and versions are affected: Schneider Electric Modicon M580 (all versions); Modicon M340 (all versions); Modicon Quantum (all versions); Modicon Premium (all versions)",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7849"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015476"
},
{
"db": "CNVD",
"id": "CNVD-2019-34827"
},
{
"db": "IVD",
"id": "b64fc880-1acf-4ff9-b621-6d507dd1fedf"
},
{
"db": "VULHUB",
"id": "VHN-137881"
},
{
"db": "VULMON",
"id": "CVE-2018-7849"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7849",
"trust": 3.4
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-134-11",
"trust": 1.8
},
{
"db": "TALOS",
"id": "TALOS-2018-0737",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-922",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-34827",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015476",
"trust": 0.8
},
{
"db": "IVD",
"id": "B64FC880-1ACF-4FF9-B621-6D507DD1FEDF",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-137881",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-7849",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "b64fc880-1acf-4ff9-b621-6d507dd1fedf"
},
{
"db": "CNVD",
"id": "CNVD-2019-34827"
},
{
"db": "VULHUB",
"id": "VHN-137881"
},
{
"db": "VULMON",
"id": "CVE-2018-7849"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015476"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-922"
},
{
"db": "NVD",
"id": "CVE-2018-7849"
}
]
},
"id": "VAR-201905-1031",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "b64fc880-1acf-4ff9-b621-6d507dd1fedf"
},
{
"db": "CNVD",
"id": "CNVD-2019-34827"
},
{
"db": "VULHUB",
"id": "VHN-137881"
}
],
"trust": 1.8935065
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "b64fc880-1acf-4ff9-b621-6d507dd1fedf"
},
{
"db": "CNVD",
"id": "CNVD-2019-34827"
}
]
},
"last_update_date": "2024-11-23T21:52:12.424000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-134-11",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/yanissec/CVE-2018-7849 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-7849"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015476"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-755",
"trust": 1.1
},
{
"problemtype": "CWE-20",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137881"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015476"
},
{
"db": "NVD",
"id": "CVE-2018-7849"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7849"
},
{
"trust": 1.8,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-134-11/"
},
{
"trust": 1.8,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2018-0737"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7849"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2018-0737"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/755.html"
},
{
"trust": 0.1,
"url": "https://github.com/yanissec/cve-2018-7849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34827"
},
{
"db": "VULHUB",
"id": "VHN-137881"
},
{
"db": "VULMON",
"id": "CVE-2018-7849"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015476"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-922"
},
{
"db": "NVD",
"id": "CVE-2018-7849"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "b64fc880-1acf-4ff9-b621-6d507dd1fedf"
},
{
"db": "CNVD",
"id": "CNVD-2019-34827"
},
{
"db": "VULHUB",
"id": "VHN-137881"
},
{
"db": "VULMON",
"id": "CVE-2018-7849"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015476"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-922"
},
{
"db": "NVD",
"id": "CVE-2018-7849"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-12T00:00:00",
"db": "IVD",
"id": "b64fc880-1acf-4ff9-b621-6d507dd1fedf"
},
{
"date": "2019-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34827"
},
{
"date": "2019-05-22T00:00:00",
"db": "VULHUB",
"id": "VHN-137881"
},
{
"date": "2019-05-22T00:00:00",
"db": "VULMON",
"id": "CVE-2018-7849"
},
{
"date": "2019-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015476"
},
{
"date": "2019-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-922"
},
{
"date": "2019-05-22T20:29:01.777000",
"db": "NVD",
"id": "CVE-2018-7849"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34827"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-137881"
},
{
"date": "2022-02-03T00:00:00",
"db": "VULMON",
"id": "CVE-2018-7849"
},
{
"date": "2019-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015476"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-922"
},
{
"date": "2024-11-21T04:12:52.480000",
"db": "NVD",
"id": "CVE-2018-7849"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-922"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Modicon Vulnerability related to input validation in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015476"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation error",
"sources": [
{
"db": "IVD",
"id": "b64fc880-1acf-4ff9-b621-6d507dd1fedf"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-922"
}
],
"trust": 0.8
}
}
var-201905-1028
Vulnerability from variot
A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause unauthorized access by conducting a brute force attack on Modbus protocol to the controller. plural Modicon Product Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M580 and other products are products of Schneider Electric (France). Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions.
A buffer overflow vulnerability exists in several Schneider Electric products. Attackers can exploit this vulnerability to gain unauthorized access through brute force. The following products and versions are affected: Schneider Electric Modicon M580 (all versions); Modicon M340 (all versions); Modicon Quantum (all versions); Modicon Premium (all versions)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-1028",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon premium",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon quantum",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m580",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon premium plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon quantum plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon m580",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m340",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon quantum",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon premium",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m580",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m340",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon quantum",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon premium",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "8a070701-fcba-4dd8-8631-fcec23c09a5b"
},
{
"db": "CNVD",
"id": "CNVD-2019-45192"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015479"
},
{
"db": "NVD",
"id": "CVE-2018-7846"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m340_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m580_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_premium_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_quantum_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015479"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Jared Rittle of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-919"
}
],
"trust": 0.6
},
"cve": "CVE-2018-7846",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-7846",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-45192",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "8a070701-fcba-4dd8-8631-fcec23c09a5b",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-137878",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-7846",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-7846",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7846",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-7846",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-45192",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-919",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "8a070701-fcba-4dd8-8631-fcec23c09a5b",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-137878",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-7846",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "8a070701-fcba-4dd8-8631-fcec23c09a5b"
},
{
"db": "CNVD",
"id": "CNVD-2019-45192"
},
{
"db": "VULHUB",
"id": "VHN-137878"
},
{
"db": "VULMON",
"id": "CVE-2018-7846"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015479"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-919"
},
{
"db": "NVD",
"id": "CVE-2018-7846"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause unauthorized access by conducting a brute force attack on Modbus protocol to the controller. plural Modicon Product Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M580 and other products are products of Schneider Electric (France). Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. \n\nA buffer overflow vulnerability exists in several Schneider Electric products. Attackers can exploit this vulnerability to gain unauthorized access through brute force. The following products and versions are affected: Schneider Electric Modicon M580 (all versions); Modicon M340 (all versions); Modicon Quantum (all versions); Modicon Premium (all versions)",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7846"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015479"
},
{
"db": "CNVD",
"id": "CNVD-2019-45192"
},
{
"db": "IVD",
"id": "8a070701-fcba-4dd8-8631-fcec23c09a5b"
},
{
"db": "VULHUB",
"id": "VHN-137878"
},
{
"db": "VULMON",
"id": "CVE-2018-7846"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7846",
"trust": 3.4
},
{
"db": "TALOS",
"id": "TALOS-2018-0735",
"trust": 1.8
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-134-11",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-919",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-45192",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015479",
"trust": 0.8
},
{
"db": "IVD",
"id": "8A070701-FCBA-4DD8-8631-FCEC23C09A5B",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-137878",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-7846",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "8a070701-fcba-4dd8-8631-fcec23c09a5b"
},
{
"db": "CNVD",
"id": "CNVD-2019-45192"
},
{
"db": "VULHUB",
"id": "VHN-137878"
},
{
"db": "VULMON",
"id": "CVE-2018-7846"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015479"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-919"
},
{
"db": "NVD",
"id": "CVE-2018-7846"
}
]
},
"id": "VAR-201905-1028",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "8a070701-fcba-4dd8-8631-fcec23c09a5b"
},
{
"db": "CNVD",
"id": "CNVD-2019-45192"
},
{
"db": "VULHUB",
"id": "VHN-137878"
}
],
"trust": 1.8935065
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "8a070701-fcba-4dd8-8631-fcec23c09a5b"
},
{
"db": "CNVD",
"id": "CNVD-2019-45192"
}
]
},
"last_update_date": "2024-11-23T21:52:12.386000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-134-11",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015479"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-668",
"trust": 1.0
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137878"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015479"
},
{
"db": "NVD",
"id": "CVE-2018-7846"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7846"
},
{
"trust": 1.8,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-134-11/"
},
{
"trust": 1.8,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2018-0735"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7846"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2018-0735"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/668.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-45192"
},
{
"db": "VULHUB",
"id": "VHN-137878"
},
{
"db": "VULMON",
"id": "CVE-2018-7846"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015479"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-919"
},
{
"db": "NVD",
"id": "CVE-2018-7846"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "8a070701-fcba-4dd8-8631-fcec23c09a5b"
},
{
"db": "CNVD",
"id": "CNVD-2019-45192"
},
{
"db": "VULHUB",
"id": "VHN-137878"
},
{
"db": "VULMON",
"id": "CVE-2018-7846"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015479"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-919"
},
{
"db": "NVD",
"id": "CVE-2018-7846"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-13T00:00:00",
"db": "IVD",
"id": "8a070701-fcba-4dd8-8631-fcec23c09a5b"
},
{
"date": "2019-12-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-45192"
},
{
"date": "2019-05-22T00:00:00",
"db": "VULHUB",
"id": "VHN-137878"
},
{
"date": "2019-05-22T00:00:00",
"db": "VULMON",
"id": "CVE-2018-7846"
},
{
"date": "2019-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015479"
},
{
"date": "2019-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-919"
},
{
"date": "2019-05-22T20:29:01.667000",
"db": "NVD",
"id": "CVE-2018-7846"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-45192"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-137878"
},
{
"date": "2022-02-03T00:00:00",
"db": "VULMON",
"id": "CVE-2018-7846"
},
{
"date": "2019-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015479"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-919"
},
{
"date": "2024-11-21T04:12:52.140000",
"db": "NVD",
"id": "CVE-2018-7846"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-919"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Modicon Product Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015479"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "8a070701-fcba-4dd8-8631-fcec23c09a5b"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-919"
}
],
"trust": 0.8
}
}
var-202001-0449
Vulnerability from variot
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when writing specific physical memory blocks using Modbus TCP. plural Modicon The product contains an exceptional condition checking vulnerability.Denial of service (DoS) May be in a state. Schneider Electric Modicon M580 and other products are from Schneider Electric (France). Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions.
Several Schneider Electric products have code issue vulnerabilities that originate from programs that do not properly check for abnormal conditions. An attacker could use this vulnerability to cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202001-0449",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tsxp573634m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "tsxp57554m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "140cpu65150",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.52"
},
{
"model": "tsxp57204m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "tsxp57454m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "tsxp57304m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "tsxp572634m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "140cpu65260",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.52"
},
{
"model": "140cpu67160",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.52"
},
{
"model": "tsxp57354m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "140cpu67861",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.52"
},
{
"model": "140cpu67060",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.52"
},
{
"model": "140cpu67160s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.52"
},
{
"model": "tsxp576634m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "tsxh5724m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "tsxp571634m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "modicon m340",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.01"
},
{
"model": "tsxp57104m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "tsxp574634m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "140cpu65860",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.52"
},
{
"model": "140cpu67261",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.52"
},
{
"model": "modicon m580",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.80"
},
{
"model": "tsxh5744m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "140cpu65160s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.52"
},
{
"model": "tsxp57154m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "140cpu65160",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.52"
},
{
"model": "140cpu67260",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.52"
},
{
"model": "tsxp57254m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "tsxp575634m",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "modicon m340",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5724m",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5744m",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57354m",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57454m",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp574634m",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57554m",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp575634m",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp576634m",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon m340",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "3.01"
},
{
"model": "electric modicon m580",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "2.80"
},
{
"model": "electric modicon premium",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "3.20"
},
{
"model": "electric modicon quantum",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "3.52"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02578"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014057"
},
{
"db": "NVD",
"id": "CVE-2019-6856"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m340_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m580_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:tsxh5724m_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:tsxh5744m_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:tsxp57354m_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:tsxp57454m_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:tsxp574634m_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:tsxp57554m_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:tsxp575634m_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:tsxp576634m_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014057"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Chansim Deng",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-834"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6856",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-6856",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-02578",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-6856",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-6856",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6856",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-6856",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-02578",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201912-834",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02578"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014057"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-834"
},
{
"db": "NVD",
"id": "CVE-2019-6856"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when writing specific physical memory blocks using Modbus TCP. plural Modicon The product contains an exceptional condition checking vulnerability.Denial of service (DoS) May be in a state. Schneider Electric Modicon M580 and other products are from Schneider Electric (France). Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. \n\nSeveral Schneider Electric products have code issue vulnerabilities that originate from programs that do not properly check for abnormal conditions. An attacker could use this vulnerability to cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6856"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014057"
},
{
"db": "CNVD",
"id": "CNVD-2020-02578"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6856",
"trust": 3.0
},
{
"db": "ICS CERT",
"id": "ICSA-20-016-01",
"trust": 2.4
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-344-01",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014057",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-02578",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0189",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201912-834",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02578"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014057"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-834"
},
{
"db": "NVD",
"id": "CVE-2019-6856"
}
]
},
"id": "VAR-202001-0449",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02578"
}
],
"trust": 1.5935065
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02578"
}
]
},
"last_update_date": "2024-11-23T21:36:14.626000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-344-01",
"trust": 0.8,
"url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01/"
},
{
"title": "Patch for Multiple Schneider Electric Product Code Issue Vulnerabilities (CNVD-2020-02578)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/197257"
},
{
"title": "Multiple Schneider Electric Product code issue vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106371"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02578"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014057"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-834"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-754",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014057"
},
{
"db": "NVD",
"id": "CVE-2019-6856"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6856"
},
{
"trust": 1.6,
"url": "https://www.se.com/ww/en/download/document/sevd-2019-344-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6856"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18615"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0189/"
},
{
"trust": 0.6,
"url": "https://www.se.com/ww/en/download/document/sevd-2019-344-01/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02578"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014057"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-834"
},
{
"db": "NVD",
"id": "CVE-2019-6856"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-02578"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014057"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-834"
},
{
"db": "NVD",
"id": "CVE-2019-6856"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-02578"
},
{
"date": "2020-01-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014057"
},
{
"date": "2019-12-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-834"
},
{
"date": "2020-01-06T23:15:11.317000",
"db": "NVD",
"id": "CVE-2019-6856"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-02578"
},
{
"date": "2020-01-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014057"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-834"
},
{
"date": "2024-11-21T04:47:17.430000",
"db": "NVD",
"id": "CVE-2019-6856"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-834"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Modicon Vulnerability in checking exceptional conditions in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014057"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-834"
}
],
"trust": 0.6
}
}
var-201910-0580
Vulnerability from variot
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the FTP service when upgrading the firmware with a version incompatible with the application in the controller using FTP protocol. plural Modicon The product contains an exceptional condition handling vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The Modicon M580/M340/BMxCRA/140CRA are programmable logic controllers from Schneider Electric.
A denial of service vulnerability exists in the Schneider Electric Modicon M580/M340/BMxCRA/140CRA
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-0580",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon 140cra",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon bmxcra",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m580",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon 140cra",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon bmxcra",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon m340",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m580",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon bmxcra",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon 140cra",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m580",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m340",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon bmxcra",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon 140cra",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "fdfc7aaf-7b5b-40b9-9299-e58b8cb8fa2a"
},
{
"db": "CNVD",
"id": "CNVD-2019-41494"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011436"
},
{
"db": "NVD",
"id": "CVE-2019-6847"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_140cra_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_bmxcra_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m340_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m580_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011436"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Jared Rittle and Patrick DeSantis of Cisco Talos https://talosintelligence.com/vulnerability_reports/ Timeline 2019-06-21 - Vendor Disclosure Summary An exploitable denial of service vulnerability exists in the UMAS REST API getcominfo functionality of the Schneider Electric Modicon M580 Programmable Automation Controller firmware version SV2.80. A specially crafted HTTP request can cause the device to enter a non-recoverable fault state , resulting in a complete stoppage of remote communications with the device. An attacker can send unauthenticated commands to trigger this vulnerability. Tested Versions Schneider Electric Modicon M580 BMEP582040 SV2.80 Product URLs https://www.schneider-electric.com/en/work/campaign/m580-epac/ CVSSv3 Score 8.6 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H CWE CWE-248: Uncaught Exception Details The Modicon M580 is the latest in Schneider Electric\u0027s Modicon line of Programmable Automation Controllers. The device boasts a Wurldtech Achilles Level 2 certification and global policy controls to quickly enforce various security configurations. Communication with the device is possible over FTP , TFTP , HTTP , SNMP , EtherNet/IP , Modbus , and a management protocol referred to as UMAS. A REST API that allows clients to interact with various pieces of functionality on the device is on the web server , including viewing alarms , querying rack information , and performing select UMAS requests. It is possible to read the registered name of the client holding a PLC reservation by leveraging the /rest/umas/getcominfo UMAS endpoint. In cases where a client has obtained a reservation using a registered name of at least 0x34 bytes , a request to the getcominfo endpoint will sometimes cause the device to enter a non-recoverable fault state. In cases where the fault state does not occur , the HTTP server will become unresponsive. In the non-recoverable fault state , the CPU has entered an error mode where all remote communications have been stopped , process logic stops execution , and the device requires a physical power cycle to regain functionality. Exploit Proof of Concept import structimport socketimport requestsimport random# set up static datarhost = 192.168.10.1rport = 502verbose = Truedef main(): s = socket.socket(socket.AF_INET , socket.SOCK_STREAM) s.connect((rhost , rport)) clientname = A*255 clientnameLen = struct.pack(B , len(clientname)) mbapLen = struct.pack(\u003eH , len(clientname) + 9) transid = struct.pack(\u003eH , random.randint(1 , 255)) msg = {}x00x00{}x00x5ax00x10x3bx0ex00x00{}{}.format(transid , mbapLen , clientnameLen , clientname) s.send(msg) try: uri = http://{}/rest/umas/getcominfo.format(rhost) resp = requests.get(uri , timeout=5) except requests.exceptions.ReadTimeout: print([*] Request timed out. This usually indicates a device fault) except KeyboardInterrupt: print([*] Exiting...) s.close()if __name__ == \u0027__main__\u0027: main() Timeline 2019-06-21 - Vendor Disclosure 2019-08-29 - Vendor requested to reject issue 2019-09-03 - Talos provided additional feedback to substantiate vulnerability 2019-09-20 - Vendor acknowledged issue as vulnerability \u0026 advised plan for October 2019 disclosure 2019-10-08 - Public Release Credit Discovered by Jared Rittle of Cisco Talos,Discovered by Jared Rittle and Patrick DeSantis of Cisco Talos",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-395"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6847",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2019-6847",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-41494",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "fdfc7aaf-7b5b-40b9-9299-e58b8cb8fa2a",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.2,
"id": "CVE-2019-6847",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 4.9,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-6847",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6847",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-6847",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2019-41494",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-395",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "fdfc7aaf-7b5b-40b9-9299-e58b8cb8fa2a",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "fdfc7aaf-7b5b-40b9-9299-e58b8cb8fa2a"
},
{
"db": "CNVD",
"id": "CNVD-2019-41494"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011436"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-395"
},
{
"db": "NVD",
"id": "CVE-2019-6847"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the FTP service when upgrading the firmware with a version incompatible with the application in the controller using FTP protocol. plural Modicon The product contains an exceptional condition handling vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The Modicon M580/M340/BMxCRA/140CRA are programmable logic controllers from Schneider Electric. \n\nA denial of service vulnerability exists in the Schneider Electric Modicon M580/M340/BMxCRA/140CRA",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6847"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011436"
},
{
"db": "CNVD",
"id": "CNVD-2019-41494"
},
{
"db": "IVD",
"id": "fdfc7aaf-7b5b-40b9-9299-e58b8cb8fa2a"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6847",
"trust": 3.2
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-281-02",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2019-41494",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201910-395",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011436",
"trust": 0.8
},
{
"db": "TALOS",
"id": "TALOS-2019-0847",
"trust": 0.6
},
{
"db": "IVD",
"id": "FDFC7AAF-7B5B-40B9-9299-E58B8CB8FA2A",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "fdfc7aaf-7b5b-40b9-9299-e58b8cb8fa2a"
},
{
"db": "CNVD",
"id": "CNVD-2019-41494"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011436"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-395"
},
{
"db": "NVD",
"id": "CVE-2019-6847"
}
]
},
"id": "VAR-201910-0580",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "fdfc7aaf-7b5b-40b9-9299-e58b8cb8fa2a"
},
{
"db": "CNVD",
"id": "CNVD-2019-41494"
}
],
"trust": 1.7978355000000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "fdfc7aaf-7b5b-40b9-9299-e58b8cb8fa2a"
},
{
"db": "CNVD",
"id": "CNVD-2019-41494"
}
]
},
"last_update_date": "2024-11-23T21:36:37.604000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-281-02",
"trust": 0.8,
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02"
},
{
"title": "Patch for Schneider Electric Modicon M580/M340/BMxCRA/140CRA Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/190779"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41494"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011436"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-755",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011436"
},
{
"db": "NVD",
"id": "CVE-2019-6847"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6847"
},
{
"trust": 1.6,
"url": "https://www.se.com/ww/en/download/document/sevd-2019-281-02/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6847"
},
{
"trust": 0.6,
"url": "https://www.schneider-electric.com/ww/en/download/document/sevd-2019-281-02"
},
{
"trust": 0.6,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0847"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41494"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011436"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-395"
},
{
"db": "NVD",
"id": "CVE-2019-6847"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "fdfc7aaf-7b5b-40b9-9299-e58b8cb8fa2a"
},
{
"db": "CNVD",
"id": "CNVD-2019-41494"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011436"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-395"
},
{
"db": "NVD",
"id": "CVE-2019-6847"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-20T00:00:00",
"db": "IVD",
"id": "fdfc7aaf-7b5b-40b9-9299-e58b8cb8fa2a"
},
{
"date": "2019-11-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41494"
},
{
"date": "2019-11-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011436"
},
{
"date": "2019-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-395"
},
{
"date": "2019-10-29T19:15:22.267000",
"db": "NVD",
"id": "CVE-2019-6847"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41494"
},
{
"date": "2019-11-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011436"
},
{
"date": "2021-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-395"
},
{
"date": "2024-11-21T04:47:16.320000",
"db": "NVD",
"id": "CVE-2019-6847"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-395"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Modicon M580/M340/BMxCRA/140CRA Denial of service vulnerability",
"sources": [
{
"db": "IVD",
"id": "fdfc7aaf-7b5b-40b9-9299-e58b8cb8fa2a"
},
{
"db": "CNVD",
"id": "CNVD-2019-41494"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "fdfc7aaf-7b5b-40b9-9299-e58b8cb8fa2a"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-395"
}
],
"trust": 0.8
}
}
var-201909-0039
Vulnerability from variot
A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware versions prior to V2.90), Modicon M340 (firmware versions prior to V3.10), Modicon Premium (all versions), Modicon Quantum (all versions), which could cause a possible denial of service when reading invalid data from the controller. plural Modicon The product contains an exceptional condition handling vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M580, etc. are all products of French Schneider Electric (Schneider Electric). The Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. A security vulnerability exists in several Schneider Electric products. An attacker could exploit this vulnerability to cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201909-0039",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon m340",
"scope": "lt",
"trust": 1.8,
"vendor": "schneider electric",
"version": "3.10"
},
{
"model": "modicon m580",
"scope": "lt",
"trust": 1.8,
"vendor": "schneider electric",
"version": "2.90"
},
{
"model": "modicon quantum",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon premium",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon premium plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon quantum plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009443"
},
{
"db": "NVD",
"id": "CVE-2019-6809"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m340_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m580_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_premium_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_quantum_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009443"
}
]
},
"cve": "CVE-2019-6809",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-6809",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-158244",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-6809",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-6809",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6809",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-6809",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-930",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-158244",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158244"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009443"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-930"
},
{
"db": "NVD",
"id": "CVE-2019-6809"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware versions prior to V2.90), Modicon M340 (firmware versions prior to V3.10), Modicon Premium (all versions), Modicon Quantum (all versions), which could cause a possible denial of service when reading invalid data from the controller. plural Modicon The product contains an exceptional condition handling vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M580, etc. are all products of French Schneider Electric (Schneider Electric). The Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. A security vulnerability exists in several Schneider Electric products. An attacker could exploit this vulnerability to cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6809"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009443"
},
{
"db": "VULHUB",
"id": "VHN-158244"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6809",
"trust": 2.5
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-134-11",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009443",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201908-930",
"trust": 0.7
},
{
"db": "TALOS",
"id": "TALOS-2018-0736",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-158244",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158244"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009443"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-930"
},
{
"db": "NVD",
"id": "CVE-2019-6809"
}
]
},
"id": "VAR-201909-0039",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-158244"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:52:12.818000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-134-11",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009443"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-755",
"trust": 1.9
},
{
"problemtype": "CWE-248",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158244"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009443"
},
{
"db": "NVD",
"id": "CVE-2019-6809"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-134-11/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6809"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6809"
},
{
"trust": 0.6,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2018-0736"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158244"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009443"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-930"
},
{
"db": "NVD",
"id": "CVE-2019-6809"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-158244"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009443"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-930"
},
{
"db": "NVD",
"id": "CVE-2019-6809"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-17T00:00:00",
"db": "VULHUB",
"id": "VHN-158244"
},
{
"date": "2019-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009443"
},
{
"date": "2019-08-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-930"
},
{
"date": "2019-09-17T20:15:11.780000",
"db": "NVD",
"id": "CVE-2019-6809"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-158244"
},
{
"date": "2019-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009443"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-930"
},
{
"date": "2024-11-21T04:47:12.130000",
"db": "NVD",
"id": "CVE-2019-6809"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-930"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Modicon Vulnerability in handling exceptional conditions in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009443"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-930"
}
],
"trust": 0.6
}
}
var-201905-1039
Vulnerability from variot
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible Denial of Service when writing out of bounds variables to the controller over Modbus. plural Modicon The product contains an exceptional condition check vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-1039",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon premium",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.20"
},
{
"model": "modicon m580",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.80"
},
{
"model": "modicon quantum",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.60"
},
{
"model": "modicon m340",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.01"
},
{
"model": "modicon m340",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon premium plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon quantum plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015467"
},
{
"db": "NVD",
"id": "CVE-2018-7857"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_premium_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.20",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_premium:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_premium_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.20",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_premium:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_quantum_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.60",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_quantum:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_quantum_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.60",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_quantum:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.01",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.01",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.80",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.80",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7857"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Jared Rittle of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-942"
}
],
"trust": 0.6
},
"cve": "CVE-2018-7857",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-7857",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 1.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-7857",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-7857",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-7857",
"trust": 1.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-942",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015467"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-942"
},
{
"db": "NVD",
"id": "CVE-2018-7857"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible Denial of Service when writing out of bounds variables to the controller over Modbus. plural Modicon The product contains an exceptional condition check vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7857"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015467"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7857",
"trust": 2.4
},
{
"db": "TALOS",
"id": "TALOS-2019-0768",
"trust": 1.6
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-134-11",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015467",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-942",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015467"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-942"
},
{
"db": "NVD",
"id": "CVE-2018-7857"
}
]
},
"id": "VAR-201905-1039",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6744410375000001
},
"last_update_date": "2022-05-04T08:54:13.235000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-134-11",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-134-11/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015467"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-754",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015467"
},
{
"db": "NVD",
"id": "CVE-2018-7857"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-134-11/"
},
{
"trust": 1.6,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0768"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7857"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7857"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0768"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015467"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-942"
},
{
"db": "NVD",
"id": "CVE-2018-7857"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015467"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-942"
},
{
"db": "NVD",
"id": "CVE-2018-7857"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015467"
},
{
"date": "2019-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-942"
},
{
"date": "2019-05-22T21:29:00",
"db": "NVD",
"id": "CVE-2018-7857"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015467"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-942"
},
{
"date": "2022-02-03T14:23:00",
"db": "NVD",
"id": "CVE-2018-7857"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-942"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Modicon Vulnerability related to exceptional condition checking in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015467"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-942"
}
],
"trust": 0.6
}
}
var-201909-0042
Vulnerability from variot
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions) and Modicon M340 controller (all firmware versions), which could cause denial of service when truncated SNMP packets on port 161/UDP are received by the device. BMXNOR0200H Ethernet / Serial RTU module and Modicon M340 controller Contains an exceptional condition check vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M340 and BMXNOR0200H Ethernet/Serial RTU module are products of Schneider Electric (France). Schneider Electric Modicon M340 is a mid-range PLC (programmable logic controller) for industrial processes and infrastructure. BMXNOR0200H Ethernet/Serial RTU module is an Ethernet serial RTU (remote terminal device) module.
Schneider Electric BMXNOR0200H Ethernet/Serial RTU module and Modicon M340 controller have code issue vulnerabilities. The vulnerability stems from the problem of improper design or implementation in the code development process of network systems or products. There is currently no detailed vulnerability details provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201909-0042",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bmxnor0200h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "bmxnor0200h",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric schneider electric bmxnor0200h ethernet/serial rtu module",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25045"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009446"
},
{
"db": "NVD",
"id": "CVE-2019-6813"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxnor0200h_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m340_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009446"
}
]
},
"cve": "CVE-2019-6813",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-6813",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-25045",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-158248",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-6813",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-6813",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6813",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-6813",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-25045",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201909-819",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-158248",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25045"
},
{
"db": "VULHUB",
"id": "VHN-158248"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009446"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-819"
},
{
"db": "NVD",
"id": "CVE-2019-6813"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions) and Modicon M340 controller (all firmware versions), which could cause denial of service when truncated SNMP packets on port 161/UDP are received by the device. BMXNOR0200H Ethernet / Serial RTU module and Modicon M340 controller Contains an exceptional condition check vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M340 and BMXNOR0200H Ethernet/Serial RTU module are products of Schneider Electric (France). Schneider Electric Modicon M340 is a mid-range PLC (programmable logic controller) for industrial processes and infrastructure. BMXNOR0200H Ethernet/Serial RTU module is an Ethernet serial RTU (remote terminal device) module. \n\r\n\r\nSchneider Electric BMXNOR0200H Ethernet/Serial RTU module and Modicon M340 controller have code issue vulnerabilities. The vulnerability stems from the problem of improper design or implementation in the code development process of network systems or products. There is currently no detailed vulnerability details provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6813"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009446"
},
{
"db": "CNVD",
"id": "CNVD-2020-25045"
},
{
"db": "VULHUB",
"id": "VHN-158248"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6813",
"trust": 3.1
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-225-03",
"trust": 2.3
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-225-02",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009446",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-25045",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-044-01",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0526",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201909-819",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-158248",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25045"
},
{
"db": "VULHUB",
"id": "VHN-158248"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009446"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-819"
},
{
"db": "NVD",
"id": "CVE-2019-6813"
}
]
},
"id": "VAR-201909-0042",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25045"
},
{
"db": "VULHUB",
"id": "VHN-158248"
}
],
"trust": 1.45
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25045"
}
]
},
"last_update_date": "2024-11-23T22:06:01.633000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-225-02",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-225-02/"
},
{
"title": "SEVD-2019-225-03",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-225-03/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009446"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-754",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158248"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009446"
},
{
"db": "NVD",
"id": "CVE-2019-6813"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-225-03/"
},
{
"trust": 1.7,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-225-02/"
},
{
"trust": 1.7,
"url": "https://security.cse.iitk.ac.in/responsible-disclosure"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6813"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6813"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-044-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0526/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25045"
},
{
"db": "VULHUB",
"id": "VHN-158248"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009446"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-819"
},
{
"db": "NVD",
"id": "CVE-2019-6813"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-25045"
},
{
"db": "VULHUB",
"id": "VHN-158248"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009446"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-819"
},
{
"db": "NVD",
"id": "CVE-2019-6813"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-25045"
},
{
"date": "2019-09-17T00:00:00",
"db": "VULHUB",
"id": "VHN-158248"
},
{
"date": "2019-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009446"
},
{
"date": "2019-09-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-819"
},
{
"date": "2019-09-17T20:15:12",
"db": "NVD",
"id": "CVE-2019-6813"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-25045"
},
{
"date": "2019-10-02T00:00:00",
"db": "VULHUB",
"id": "VHN-158248"
},
{
"date": "2019-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009446"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-819"
},
{
"date": "2024-11-21T04:47:12.570000",
"db": "NVD",
"id": "CVE-2019-6813"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-819"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "BMXNOR0200H Ethernet / Serial RTU module and Modicon M340 controller Vulnerabilities related to exceptional state checking",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009446"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-819"
}
],
"trust": 0.6
}
}
var-201910-0574
Vulnerability from variot
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware (version prior to V3.10), Modicon M340 (all firmware versions), and Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the firmware with no firmware image inside the package using FTP protocol. plural Modicon The product contains an exceptional condition handling vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The Modicon M580/M340/BMxCRA/140CRA are programmable logic controllers from Schneider Electric.
A denial of service vulnerability exists in the Schneider Electric Modicon M580/M340/BMxCRA/140CRA
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-0574",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon 140cra",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon bmxcra",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m580",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon 140cra",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon bmxcra",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon m340",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m580",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon bmxcra",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon 140cra",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m580",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m340",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon bmxcra",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon 140cra",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "f8b0fd24-fb1e-4e29-81de-50f1f528c64c"
},
{
"db": "CNVD",
"id": "CNVD-2019-41493"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011438"
},
{
"db": "NVD",
"id": "CVE-2019-6841"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_140cra_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_bmxcra_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m340_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m580_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011438"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Jared Rittle of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-424"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6841",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2019-6841",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-41493",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "f8b0fd24-fb1e-4e29-81de-50f1f528c64c",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.2,
"id": "CVE-2019-6841",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 4.9,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-6841",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6841",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-6841",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2019-41493",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-424",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "f8b0fd24-fb1e-4e29-81de-50f1f528c64c",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "f8b0fd24-fb1e-4e29-81de-50f1f528c64c"
},
{
"db": "CNVD",
"id": "CNVD-2019-41493"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011438"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-424"
},
{
"db": "NVD",
"id": "CVE-2019-6841"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware (version prior to V3.10), Modicon M340 (all firmware versions), and Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the firmware with no firmware image inside the package using FTP protocol. plural Modicon The product contains an exceptional condition handling vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The Modicon M580/M340/BMxCRA/140CRA are programmable logic controllers from Schneider Electric. \n\nA denial of service vulnerability exists in the Schneider Electric Modicon M580/M340/BMxCRA/140CRA",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6841"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011438"
},
{
"db": "CNVD",
"id": "CNVD-2019-41493"
},
{
"db": "IVD",
"id": "f8b0fd24-fb1e-4e29-81de-50f1f528c64c"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6841",
"trust": 3.2
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-281-02",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2019-41493",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201910-424",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011438",
"trust": 0.8
},
{
"db": "TALOS",
"id": "TALOS-2019-0822",
"trust": 0.6
},
{
"db": "IVD",
"id": "F8B0FD24-FB1E-4E29-81DE-50F1F528C64C",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "f8b0fd24-fb1e-4e29-81de-50f1f528c64c"
},
{
"db": "CNVD",
"id": "CNVD-2019-41493"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011438"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-424"
},
{
"db": "NVD",
"id": "CVE-2019-6841"
}
]
},
"id": "VAR-201910-0574",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "f8b0fd24-fb1e-4e29-81de-50f1f528c64c"
},
{
"db": "CNVD",
"id": "CNVD-2019-41493"
}
],
"trust": 1.7978355000000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "f8b0fd24-fb1e-4e29-81de-50f1f528c64c"
},
{
"db": "CNVD",
"id": "CNVD-2019-41493"
}
]
},
"last_update_date": "2024-11-23T21:36:37.666000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-281-02",
"trust": 0.8,
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02"
},
{
"title": "Patch for Schneider Electric Modicon M580/M340/BMxCRA/140CRA Denial of Service Vulnerability (CNVD-2019-41493)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/190771"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41493"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011438"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-755",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011438"
},
{
"db": "NVD",
"id": "CVE-2019-6841"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6841"
},
{
"trust": 1.6,
"url": "https://www.se.com/ww/en/download/document/sevd-2019-281-02/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6841"
},
{
"trust": 0.6,
"url": "https://www.schneider-electric.com/ww/en/download/document/sevd-2019-281-02"
},
{
"trust": 0.6,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0822"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41493"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011438"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-424"
},
{
"db": "NVD",
"id": "CVE-2019-6841"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "f8b0fd24-fb1e-4e29-81de-50f1f528c64c"
},
{
"db": "CNVD",
"id": "CNVD-2019-41493"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011438"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-424"
},
{
"db": "NVD",
"id": "CVE-2019-6841"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-20T00:00:00",
"db": "IVD",
"id": "f8b0fd24-fb1e-4e29-81de-50f1f528c64c"
},
{
"date": "2019-11-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41493"
},
{
"date": "2019-11-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011438"
},
{
"date": "2019-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-424"
},
{
"date": "2019-10-29T19:15:21.830000",
"db": "NVD",
"id": "CVE-2019-6841"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41493"
},
{
"date": "2019-11-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011438"
},
{
"date": "2021-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-424"
},
{
"date": "2024-11-21T04:47:15.580000",
"db": "NVD",
"id": "CVE-2019-6841"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-424"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Modicon Vulnerability in handling exceptional conditions in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011438"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "f8b0fd24-fb1e-4e29-81de-50f1f528c64c"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-424"
}
],
"trust": 0.8
}
}
var-201905-0035
Vulnerability from variot
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to V2.80, All firmware versions of Modicon Quantum and Modicon Premium. plural Modicon The product contains an exceptional condition check vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The Modicon M340 is a complex device and small and medium-sized project programmable controller (PLC). Modicon Premium is a complex control programmable controller (PLC). Modicon Quantum is a process control programmable controller (PLC). The Modicon M580 is a programmable automation controller (PAC). Modicon M580/M340/Premium/Quantum has an abnormality check for anomalies. An attacker could exploit the vulnerability by sending a specific Modbus frame to cause a denial of service. Schneider Electric Modicon Controllers are prone to a denial-of-service vulnerability. Schneider Electric Modicon M580, etc. are all products of French Schneider Electric (Schneider Electric). This vulnerability stems from improper design or implementation problems in the code development process of network systems or products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0035",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon m340",
"scope": "lt",
"trust": 1.8,
"vendor": "schneider electric",
"version": "3.01"
},
{
"model": "modicon m580",
"scope": "lt",
"trust": 1.8,
"vendor": "schneider electric",
"version": "2.80"
},
{
"model": "modicon quantum",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon premium",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon premium plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon quantum plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon m340",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "v3.01"
},
{
"model": "electric modicon quantum",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon premium",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m580",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "v2.80"
},
{
"model": "modicon quantum",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "modicon premium",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "modicon m580",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2.30"
},
{
"model": "modicon m580",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2.20"
},
{
"model": "modicon m340",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2.9"
},
{
"model": "modicon m580",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2.80"
},
{
"model": "modicon m340",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "3.01"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m340",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon m580",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon quantum",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modicon premium",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "87dc0327-d573-496f-a02c-d0b520f33b35"
},
{
"db": "CNVD",
"id": "CNVD-2019-15937"
},
{
"db": "BID",
"id": "109004"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004815"
},
{
"db": "NVD",
"id": "CVE-2019-6819"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m340_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m580_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_premium_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_quantum_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004815"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zhang Xiaoming, Sun Zhonghao and Luo bing of CNCERT/CC., Zhang Jiawei",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-931"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6819",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-6819",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-15937",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "87dc0327-d573-496f-a02c-d0b520f33b35",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-158254",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-6819",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-6819",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6819",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-6819",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-15937",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-931",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "87dc0327-d573-496f-a02c-d0b520f33b35",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-158254",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "87dc0327-d573-496f-a02c-d0b520f33b35"
},
{
"db": "CNVD",
"id": "CNVD-2019-15937"
},
{
"db": "VULHUB",
"id": "VHN-158254"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004815"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-931"
},
{
"db": "NVD",
"id": "CVE-2019-6819"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to V2.80, All firmware versions of Modicon Quantum and Modicon Premium. plural Modicon The product contains an exceptional condition check vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The Modicon M340 is a complex device and small and medium-sized project programmable controller (PLC). Modicon Premium is a complex control programmable controller (PLC). Modicon Quantum is a process control programmable controller (PLC). The Modicon M580 is a programmable automation controller (PAC). Modicon M580/M340/Premium/Quantum has an abnormality check for anomalies. An attacker could exploit the vulnerability by sending a specific Modbus frame to cause a denial of service. Schneider Electric Modicon Controllers are prone to a denial-of-service vulnerability. Schneider Electric Modicon M580, etc. are all products of French Schneider Electric (Schneider Electric). This vulnerability stems from improper design or implementation problems in the code development process of network systems or products",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6819"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004815"
},
{
"db": "CNVD",
"id": "CNVD-2019-15937"
},
{
"db": "BID",
"id": "109004"
},
{
"db": "IVD",
"id": "87dc0327-d573-496f-a02c-d0b520f33b35"
},
{
"db": "VULHUB",
"id": "VHN-158254"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6819",
"trust": 3.6
},
{
"db": "BID",
"id": "109004",
"trust": 2.0
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-134-05",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-19-183-01",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201905-931",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-15937",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004815",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.2424",
"trust": 0.6
},
{
"db": "IVD",
"id": "87DC0327-D573-496F-A02C-D0B520F33B35",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-158254",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "87dc0327-d573-496f-a02c-d0b520f33b35"
},
{
"db": "CNVD",
"id": "CNVD-2019-15937"
},
{
"db": "VULHUB",
"id": "VHN-158254"
},
{
"db": "BID",
"id": "109004"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004815"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-931"
},
{
"db": "NVD",
"id": "CVE-2019-6819"
}
]
},
"id": "VAR-201905-0035",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "87dc0327-d573-496f-a02c-d0b520f33b35"
},
{
"db": "CNVD",
"id": "CNVD-2019-15937"
},
{
"db": "VULHUB",
"id": "VHN-158254"
}
],
"trust": 1.8935065
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "87dc0327-d573-496f-a02c-d0b520f33b35"
},
{
"db": "CNVD",
"id": "CNVD-2019-15937"
}
]
},
"last_update_date": "2024-11-23T21:59:58.807000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-134-05",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-05/"
},
{
"title": "Modicon M580/M340/Premium/Quantum exception check for patches for improper vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/162447"
},
{
"title": "Multiple Schneider Electric Product code issue vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92897"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-15937"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004815"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-931"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-754",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158254"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004815"
},
{
"db": "NVD",
"id": "CVE-2019-6819"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/109004"
},
{
"trust": 1.7,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-134-05/"
},
{
"trust": 1.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-183-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6819"
},
{
"trust": 0.9,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6819"
},
{
"trust": 0.6,
"url": "https://web.nvd.nist.gov//vuln/detail/cve-2019-6819"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2424/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-15937"
},
{
"db": "VULHUB",
"id": "VHN-158254"
},
{
"db": "BID",
"id": "109004"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004815"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-931"
},
{
"db": "NVD",
"id": "CVE-2019-6819"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "87dc0327-d573-496f-a02c-d0b520f33b35"
},
{
"db": "CNVD",
"id": "CNVD-2019-15937"
},
{
"db": "VULHUB",
"id": "VHN-158254"
},
{
"db": "BID",
"id": "109004"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004815"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-931"
},
{
"db": "NVD",
"id": "CVE-2019-6819"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-30T00:00:00",
"db": "IVD",
"id": "87dc0327-d573-496f-a02c-d0b520f33b35"
},
{
"date": "2019-05-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-15937"
},
{
"date": "2019-05-22T00:00:00",
"db": "VULHUB",
"id": "VHN-158254"
},
{
"date": "2019-07-02T00:00:00",
"db": "BID",
"id": "109004"
},
{
"date": "2019-06-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004815"
},
{
"date": "2019-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-931"
},
{
"date": "2019-05-22T20:29:02.090000",
"db": "NVD",
"id": "CVE-2019-6819"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-15937"
},
{
"date": "2019-07-03T00:00:00",
"db": "VULHUB",
"id": "VHN-158254"
},
{
"date": "2019-07-02T00:00:00",
"db": "BID",
"id": "109004"
},
{
"date": "2019-07-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004815"
},
{
"date": "2019-07-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-931"
},
{
"date": "2024-11-21T04:47:12.980000",
"db": "NVD",
"id": "CVE-2019-6819"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-931"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Modicon Vulnerability related to exceptional condition checking in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004815"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code problem",
"sources": [
{
"db": "IVD",
"id": "87dc0327-d573-496f-a02c-d0b520f33b35"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-931"
}
],
"trust": 0.8
}
}
cve-2024-5056
Vulnerability from cvelistv5
Published
2024-06-12 12:10
Modified
2024-08-01 21:03
Severity ?
EPSS score ?
Summary
CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may
prevent user to update the device firmware and prevent proper behavior of the webserver when
specific files or directories are removed from the filesystem.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Schneider Electric | Modicon M340 |
Version: All versions |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:schneider-electric:modicom_m340_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "modicom_m340_firmware",
"vendor": "schneider-electric",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:schneider-electric:modicom_m340:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "modicom_m340",
"vendor": "schneider-electric",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5056",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T14:14:02.243238Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T14:17:06.480Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:03:10.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-163-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Modicon M340",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Network module, Modicon M340, Modbus/TCP BMXNOE0100",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Network module, Modicon M340, Ethernet TCP/IP BMXNOE0110",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nCWE-552: Files or Directories Accessible to External Parties vulnerability exists which may\nprevent user to update the device firmware and prevent proper behavior of the webserver when\nspecific files or directories are removed from the filesystem.\n\n"
}
],
"value": "CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may\nprevent user to update the device firmware and prevent proper behavior of the webserver when\nspecific files or directories are removed from the filesystem."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T12:10:43.250Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-163-01.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2024-5056",
"datePublished": "2024-06-12T12:10:43.250Z",
"dateReserved": "2024-05-17T10:06:08.565Z",
"dateUpdated": "2024-08-01T21:03:10.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}